I will say this until it is no longer true:
If a non-admin user clicking on a link or opening up an infected word file damages anything on your network your security is shit.
Periodt.
@bynkii @hazelweakly If clicking links and opening documents on the link-clicking document-opening machine is a security issue, that's not the responsibility of the person whose job it is to click links and open documents.
Someone else needs to make those activities safe. Probably the same person who sends out phishing emails to the people whose job it is to read emails and click links.