1. Establish “white hat” teams that test employees through phishing and spear-phishing intrusion testing.
2. Change enterprise email policy to only allow plain text, preventing unintentional click-through threats.
3. Similar to the “Cybersecurity Tip of the Day” concept, establish a “Cybersecurity Blunder of the Day” program.