Trend Micro has advised firms to create secure environments in which employees should be free to make mistakes.
The hope is that errors that could lead to disastrous data security breaches will be caught before they occur in the normal business environment.
"Sandbox your employees. They're the first and primary vulnerability that will be attacked by anyone. Let them learn and mess up in a safe environment," said Rik Ferguson, vice president of security research at Trend Micro.
Ferguson was referring to the concept of sandboxing in software, where potentially malicious code is allowed to execute in a secure virtual environment so that its intentions can be examined before it is permitted to do anything on the corporate network.
The advice came as part of a broader discussion of security awareness training at Trend Micro CloudSec 2016 in London this week. Ferguson also advised organisations to develop different security messages for different audiences.
"If you approach a tech-savvy audience with a high-level message they'll switch off quickly and lose respect for your organisation, whether that's partners, customers or your own employees. You need to target your education at the correct audience. That's a critical factor for success," he said.
Michael Wignall, national technology officer at Microsoft UK, said at the event that the need for improved security awareness is an opportunity for the industry.
"We've gone on a 40-year journey where security used to be an afterthought but is now built in to everything we do," he said.
"The industry has a responsibility for awareness and education, because the user is still the highest risk factor. Think of it as an opportunity."
V3 sister title Computing will hold its Enterprise Security and Risk Management Summit on 24 November in central London. Attendance is free to qualified end users.
The summit will be followed by the Security Excellence Awards, which are now open for entries from vendors and end users.