There are different ways this can happen. The link may bring the user to a malicious site hosted by the attacker and then malware is automatically downloaded. Networks may have security measures put in place to help stop this but they also may not.

When things like that are initiated from inside the network it can bypass security measures because users still need to visit web sites and download things. You can not just stop normal use.

Once the malware is downloaded it might make a connection back to the attacker so they can access the network. It could be a worm that does not need human interaction and spreads itself through the network. Lots of things like that can happen.

There is no fool proof way to avoid links. You can be cautious though. Look at the full picture. Did the link come from a unknown email? Or a email from the organization but it is worded weird ex: "Hey friend co worker of mine! Good days to you and yours. Please click link for the fun I talked about".

Virus total is a good website to use. You can paste the url on the site and they will give you a score on how malicious it is and if it is known to be malicious. That is always helpful for a quick check.