Training and ongoing communication remain the best ways to ensure that employees stay alert and diligent to potential social engineering attacks. Not only will employees be more empowered to take action to protect their organization, but they will also be more apt to follow procedures such as not sharing information they shouldn’t. Email filtering can also help assist in stopping some phishing emails from getting to users.
You can also test your training and communication effectiveness by initiating email phishing campaigns or hiring a firm to do spear phishing or vishing attacks and then adjusting training and communication based on those results. It is critical that employees not be punished for falling for a social engineering event but are rewarded for reporting and identifying them.