Here is what's been successful for us:

• Try to discuss things that could impact their personal lives, like online banking, stolen email creds etc and how that would impact their personal lives. This seems to get people to listen and pay attention. After they're listening you can explain how these same tactics can impact your business.
• I've found that live demo's that aren't too technical but prove a point are very effective. Using the sound recorder or web cam modules in metasploit are perfect for this. We've noticed that people begin to really pay attention when they see this.
• Keep your meeting short and sweet, otherwise no one will take anything away and it will be a waste of time. Try to drive home a few points but don't over saturate them.
• A little paranoia can go a long way, but don't scare them.

Bottom line for us is trying to "hook" the audience early so our users actually might learn something and become a little less risky on the network   These things have been very effective for us.

I agree social engineering is I would say the most affective way to get access. As humans we alway want to trust people and sometimes are afraid to ask question we just take people for face value.

I agree with cd1zz comments I think the training process is a life cycle and should alway try keep employee on there toes about the subject.

Live demo and trying to map the situation to them is a good way to get the message across.