Exercise 3: Your Verification Gap

For the three most common types of unexpected requests you receive — think about the categories that actually happen in your world, not theoretical ones — do you have a verification process that doesn't rely on the authenticity of the incoming message?

If you regularly receive requests for approval on financial actions, do you have a separate, channel-independent way to verify what's actually being approved? If you receive requests for credential changes or password resets, do you have a process that doesn't depend on trusting the email or message asking you to do it? If you receive requests to share sensitive information, do you have a way to verify what's actually needed?

Write down the three most common types of requests. For each one, design a verification step now. Make it specific: not "I'll verify it," but "if I receive a request for a wire transfer via email, I will call the sender on their direct line using a number I already have, and I will ask them to confirm the amount, the account, and the reason." The more specific the process, the more likely you'll actually follow it when a real request arrives.

This exercise is about closing gaps. Many people have verification instincts but no actual process. A process means you don't have to think about it in the moment — you just follow the step.