Security policies are the base of any organization's security infrastructure. A security policy is a document that describes the security controls that will be applied in the organization.
To defend against social engineering attacks, employees need to be aware of the attacks currently circulating in the social engineering world and of the countermeasures that avoid them.
Employee awareness training plays a vital role in recognizing a social engineering attack scheme and responding to it effectively. All employees must be aware of the common techniques social engineers use to obtain the information they want, such as how the social engineer first tries to build a strong trust relationship before making a request.
Information should be classified as confidential, discreet, and top secret. Authorizations should then be granted to individuals according to their permission level.
Passwords play a critical role in today's IT environment. There should be guidelines on how to manage passwords, and these guidelines should be followed by network administrators, database administrators, and all other personnel.
The following validation checks could be incorporated into such guidelines:
- Length and complexity of passwords.
- Whether, and how soon, a user may re-attempt login after a failed login attempt.
- Account blocking after a set number of failed attempts.
- Periodic changing of the password.
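The four checks above, worked into a small policy module. This is an added example, not code from the original text; the thresholds (12 characters, five failed attempts, a 15-minute lockout, a 90-day maximum password age) are assumed values chosen for illustration.

```python
import re

# Policy parameters: assumed values for this example, not from the original text
MIN_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
MAX_PASSWORD_AGE_DAYS = 90


def check_complexity(password: str) -> list[str]:
    """Length and complexity check; returns a list of violations (empty = pass)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lowercase": r"[a-z]",
        "uppercase": r"[A-Z]",
        "digit": r"\d",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name} character")
    return problems


class AccountState:
    """Tracks failed logins, lockout and password age for one account."""

    def __init__(self, password_set_at: float):
        self.failed_attempts = 0
        self.locked_until = 0.0          # epoch seconds; 0 means not locked
        self.password_set_at = password_set_at

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def record_login(self, success: bool, now: float) -> str:
        """Apply the retry and lockout rules; returns 'ok', 'retry' or 'locked'."""
        if self.is_locked(now):
            return "locked"              # no attempts accepted during lockout
        if success:
            self.failed_attempts = 0     # a good login clears the counter
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked_until = now + LOCKOUT_SECONDS
            self.failed_attempts = 0     # counter restarts once the lock expires
            return "locked"
        return "retry"                   # re-login permitted after a failure

    def password_expired(self, now: float) -> bool:
        """Periodic change check: True once the password is older than the policy age."""
        return now - self.password_set_at > MAX_PASSWORD_AGE_DAYS * 86400
```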
Enterprise proxy servers with anti-malware and anti-phishing features, such as Cisco's IronPort web application gateway and many similar products, may also help.