Most everyone is commenting about better security software, firewalls, VPNs, encryption, and all that shit. Isn't the article about employee training?
For example: call up a bank. Try to get the balance on someone's account. This is a task well within reason for the person on the other end of the phone, ASSUMING it is your account, right? That's the point of employee training. The human element is the weakest element of any security system. What training do these employees need in order to not leak out your private information to any random person who calls in? Is simply stating your name on the account enough? Are there more verification steps required?
An example of social engineering security policies at various companies to the extreme that can happen: