Well, there really isn't any way to ensure your organization is completely protected against phishing attacks. As long as people are involved in the process, there will be times when people fail to be vigilant and one of the bad guys reels someone in. You and I are probably more aware of what to watch for in phishing attacks, yet I've certainly come frighteningly close to clicking on a questionable link.
I've been a fan of Michael Kassner for quite a while. He recently interviewed Roger Johnson, head of the Vulnerability Assessment Team at Argonne National Laboratory. They talked about the recent phishing attack at Oak Ridge National Laboratories. Hey, if a phishing attack can be successful there, it can happen to your organization. Check out the interview.