In order to protect against email phishing, what should companies frequently remind employees to do before clicking on links in unsolicited messages?

To effectively guard against email phishing, reminding employees to contact the sender directly to verify the authenticity of unsolicited messages is crucial. Phishing attacks often involve fraudulent emails that appear to come from legitimate sources, tricking individuals into clicking on malicious links. By verifying directly with the sender, employees can ascertain whether the email is genuine before taking any action. This approach empowers employees to critically evaluate suspicious communications, significantly reducing the risk of falling victim to such attacks.

While the other options may contribute to overall security practices, they do not specifically address the immediate concern of handling unsolicited emails. Using only company devices, for instance, can help in maintaining security, but it does not specifically mitigate the risk associated with phishing emails. Changing passwords regularly is a good security habit, but it does not prevent someone from initially clicking on a phishing link. Similarly, upgrading firewall settings can enhance network security but does not directly provide guidance on how to handle suspicious email communications. Therefore, emphasizing the verification of unsolicited messages is the most direct and effective strategy to combat email phishing.