Employees should report suspected phishing to the CyberSecurity Operations Center.