The only thing you can do to help your users is to provide them with proper education and to explain them to keep up to date and run the right tools and not click anywhere they can.... and that is a mission which is near impossible.
I thought user education in threat management was long ago abandoned as a realistic defense mechanism. Don't get me wrong, I loved my users when I was supporting a desktop fleet; but the key to their survival was always policy implementation through Active Directory; back in the day, blocking executable files in email prevented a lot more problems than training users not to open them did. Don't get me wrong, every little bit helps. But when you consider your security with a scrutinous eye, you should always ignore the question 'how educated are my users'. It's irrelevant.