These again, requires the person to actually click something, how do you get them to click on something is your first obstacles.
Even security experts are tricked into clicking on a link by accident from time to time. You are very mistaken into not realizing how vulnerable we all are when connected to the WAN. This is why I and other professionals use "sneakerware" or air gaped security.
Also the delegate's web browsing device is probably not even the same as their node device, which means all your phishing efforts might be useless.
Once one computer is infected than everything is vulnerable. A worm can travel and infect any device connected on your LAN and any thumb drive and external that is briefly connected to your infected machine. Even if you use an encrypted password manager a hacker can grab screenshots, viewing your copy paste history , or a key logger and will find all your passwords. You are done.