A PC World article today points out what many IT security professionals already know:
Your network is only as secure as your dumbest user.
The article does bring up a good way to educate users on phishing and "spear phishing" (and hopefully prevent those attacks). The suggested method is to conduct spear phishing attacks against your own users. If they succumb to the attack, inform them that it was a test, which embarrasses them. The hope is that the next time they get a phishing email, they'll think twice about taking action.
Unfortunately, there's no easy way to stop social engineering and phishing attacks. Spear phishing attacks are even more difficult to stop because they contain detailed information and look very legitimate.