Possible Vectors: Phone, Social Media, Physical, and of course Email.
Employee awareness
Human error is the leading cause; social engineering is about tricking people, so educating your employees on the matter and how it is a risk to the company is essential. Yearly meetings and/or onboarding training going over social engineering attacks should be conducted. Write a policy and back it up with good awareness training.
Prevention
Phone:
Verify the person you're talking to is who they say they are. Take the specific example of helpdesk staff when they do password resets.
When asked for information, consider whether the person you're talking to deserves the information they're asking about.
Email:
Email filters to identify SPAM and other traits of a suspicious email
Marking emails outside of the company domain as EXTERNAL in the subject line
Actually call up/ask the people who "sent" you the email and verify
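A sketch of the EXTERNAL subject tagging described above, added here as an illustration and not taken from any particular mail product. The internal domain example.com, the tag text, the function names and the sample messages are all assumptions made for the example.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: the company's own mail domains
TAG = "[EXTERNAL]"

def is_internal(address: str) -> bool:
    """True only when the domain is exactly one of the internal domains."""
    _, _, domain = address.rpartition("@")
    # Exact match: "example.com.evil.test" and unlisted subdomains stay external.
    return domain.lower().rstrip(".") in INTERNAL_DOMAINS

def tag_external(raw: str) -> Message:
    """Parse a raw message and prefix TAG to the subject if the sender is external."""
    msg = message_from_string(raw)
    # parseaddr separates the display name from the real address, so a display
    # name like "ceo@example.com" cannot make an outside sender look internal.
    _, address = parseaddr(msg.get("From", ""))
    if address and is_internal(address):
        return msg
    # A missing or unparseable From header is treated as external (fail closed).
    subject = msg.get("Subject", "")
    if not subject.startswith(TAG):  # do not stack tags on replies/forwards
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}".strip()
    return msg

# Constructed sample messages (not real mail).
SAMPLE_SPOOFED = ('From: "ceo@example.com" <attacker@evil.test>\n'
                  "Subject: Urgent wire transfer\n\nPlease pay today.\n")
SAMPLE_LOOKALIKE = ("From: Billing <billing@example.com.evil.test>\n"
                    "Subject: Invoice\n\nSee attached.\n")
SAMPLE_INTERNAL = ("From: Alice <alice@example.com>\n"
                   "Subject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOFED, SAMPLE_LOOKALIKE, SAMPLE_INTERNAL):
        print(tag_external(sample)["Subject"])
```

A From header that claims an internal address can itself be forged by an outside sender, so the tag is a hint for the reader, and calling the sender to verify still applies.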
Social Media:
Do not respond to company-related conversations over your social media, especially outside your sys admin's supervision.
Physical:
Avoid putting unknown flash drives, CDs, etc. into machines on the network
Ensure anyone coming into the building or sensitive areas has credentials/IDs, and validate them
Additional measures
In the case of unintentional attacks, include technical enforcement of secure policies so that circumvention through social engineering is effectively impossible.
Be aware of the information you're releasing.
Keep your software up to date.