Make sure that ALL of your staff are aware of the dangers of clicking links and/ or opening attachments from senders that are not known to them. It could be an attempt to install malware onto your computer network. The malware may be recording keystrokes so that the hacker can learn usernames and passwords for systems, or it may contain ransomware or other nasty payload.
Consider running a phishing simulator within your organisation – this is a method of testing staff security awareness. The simulator sends an e-mail similar to a malicious one with either an e-mail attachment, a link to a website or request for personal credentials and reports the results of how the staff responded to the e-mail. If the results contain a high number of fails (i.e. opened the attachment/ followed the link or provided their credentials) then additional staff training is clearly necessary.