Plan a user awareness campaign, with special attention to the help desk.
Add a bogus question or callback mechanism to your help desk database.
Review your organization's trash-handling procedures; implement better procedures if necessary.
Attempt your own social engineering attack, with the understanding that it can help you identify flaws in your own security.
Think about moving information security functions out of the IT department and into a corporate auditing or corporate-compliance department.