Seriously, the default rules provided by MikroTik are safe out of the box...
When you get ready to add to the firewall rules for other user requirements, come back and describe what you wish to accomplish and we will ensure you are on the right track.
For God's sake, don't start reading YouTube videos or Reddit posts and create a bloated monster!!!
In terms of how to prevent users from screwing up via email phishing or other stupid moves, well the router cannot police that realistically.
However, I can recommend this approach, which is not $$ and blocks attempts by users to reach many bad sites, which I think may be your concern.
https://itexpertoncall.com/promotional/moab.html (run by a poster here and is very good, and I have no affiliation with said person)