We work very closely with the departments. Some departments, especially people in the communications area, need to access social media, so we work with individual customers to ensure that they are aware of the security risks and what needs to be done to ensure they are not clicking on these malicious emails. Also, departments run some tests on phishing and how to train people to ensure that they're not going through websites and clicking on links that could be malicious—and the same with the emails.
There are TBS guidelines and policies related to employees accessing the Internet and private emails and sites, so we do work very closely with TBS as well in ensuring that the controls we put in at the perimeter can catch any of the malicious activities. It's a balance between enabling the business and securing it to the extent possible.