Don't open unexpected attachments
Seriously - why should it ever be a user's job to protect the company from this?
It's like saying we delivered some coffee in the break room - some of it contains anthrax, users should exercise caution.
If your system allows harmful attachments in or allows damage when they are opened - it isn't the users fault. Especially if you constantly email company documents that demand permission to run macros when they are opened.