We have system wide endpoint protection that protects all of our workstations and servers from viruses, malware, ransomware and any other malicious code. We run an enterprise grade firewall that allows us to monitor and prevent access to potentially dangerous sites. In addition to this, we also have email anti virus that checks all messages that come in automatically remove anything that contains suspicious attachments. Only specific employees have permission to install software on their machines. If additional software is required, this has to be installed by an administrator.
Aside from all of the security we have in place, we provide regular internal training to help our employees identify the dangers of the internet and to raise any suspicions they have with an IT professional internally immediately.