Common-sense isn't something that can be taught. A person either has it or they don’t. However, avoiding the social aspect of an attack can and should include awareness training. Teach employees to think twice about something that just doesn't seem right or feels different and to ask questions, Rad added.
[...]
Still, all the awareness in the world won’t protect a system if it is vulnerable to a known exploit, compromised due to user error, or it’s passively attacked via a malicious website.