Your last line of defense is: Well, the user. In order to help you to address this, we published a Security Awareness Kit, pretty cool stuff. You can get it here: http://www.microsoft.com/technet/security/understanding/awareness.mspx

Roger