An organization is experiencing a rise in phishing email attacks. Which method should be implemented to protect employee credentials?