CA Technologies Advanced Persistent Threat Report

We have rigid firewalls, and advanced authentication, but how can I prevent employees with access to sensitive data, from falling for continuous and clever persistent threats?