Something I think more companies should do is set up fake phishing emails to be sent to their employees and then penalize them for clicking on them with mandatory training, it might not completely prevent human error but there really needs to be a lot more education on OpSec and just common sense shit