Imagine a scenario where an employee clicks on a phishing link. How would you respond to this incident?