This actually worked at the small enterprise where I take care of things. A user managed to get their machine mucked up with a bunch of spyware and adware by clicking in a forwarded email. I cleaned the machine and then management called a meeting a day or two later. Had every one of the employees in attendance. I gave the standard presentation about email safety, as well as general internet safety. I sat down. The director stood up and informed everyone in the room that the next time a machine needed to be cleaned as a result of operator error, the bill for my services (not cheap) would be deducted from the relevant employee's next paycheck. A sheet of paper was then passed around, with the same directive written on it, and all employees were instructed to either sign or lose their job. They all signed.
That was two years ago. Have not had a SINGLE instance of any malware on any machine, since that time. People now ask me every time they have any doubts about what they're doing, and I've headed off a few potential catastrophes since that started happening.
I'm guessing it's not a coincidence.