By Chad Nieter, CPA, Senior Manager at Blue & Co., and Joel Barnett, Technical Account Executive at Blue Pioneer Consulting
Fraud prevention isn’t something leadership can simply hand off to IT and walk away from, and it never really was. The technical safeguards belong with the IT team and always will. What is different now is the way money leaves a business.
Most often, this is through a payment instruction in an email thread or a wire transfer authorized in a hurry. This shift means it’s a finance problem just as much as a technology problem.
The cases we see rarely look like how people picture a cyberattack. Systems are still operational, and no alarms are sounding. While the team is still working on it, the payment has quietly gone out to the wrong bank account. Usually, the issue doesn’t surface for the finance team until the money has already cleared.
Cybersecurity Isn’t Just an IT Problem
The pattern we hear about most often from our banking and insurance partners is that leadership still treats cybersecurity like an IT line item. These incidents almost never come from a piece of IT hardware failing. The attacks come through a stolen email login, a very convincing fake invoice, or someone not following proper protocols for updating vendor information in the accounting system.
Banks frequently see attacks tied to ACH and wire activity, and they expect the same pattern to continue with the newer real-time payment processing services. The common denominator across most cases involves stolen credentials being used to set up or approve a transaction. Going back to basics, such as user entitlement reviews and separation of duties, carries significant weight in preventing these types of breaches.
Once a fraudulent wire is out the door, the recovery options quickly narrow. How much money comes back depends mostly on how fast someone catches it.
Email is the Front Door
All organizations depend heavily on email, and that isn’t going to change. The downside of that dependency is that attackers know how important email is to the organization, so they start by compromising the mailbox of anyone in the organization.
The attacker doesn’t cause a scene. They quietly watch and read emails, sometimes for weeks or months, until they understand the rhythm of payments and how people in the email threads tend to write. When a real invoice or payment conversation emerges, they hijack the email thread with “updated banking details” or a soft note about urgency.
The emergence of easily accessible AI tools has made thieves even more effective and dangerous, since the tools make it easy to write very deceptive emails.
Real-Life Example
An attacker has been quietly camped in a vendor’s mailbox for weeks. The vendor sends a perfectly normal invoice. Within an hour, the attacker sends a follow-up note with “correct wire instructions” for the payment.
The attacker uses a well-spoofed email address, complete with the correct signature at the bottom, to trick the accounts payable (AP) team. The AP team pays based on the new instructions because the conversation seems reasonable and well-timed, and it even follows the cadence the team expects from the vendor.
A quick phone call to a trusted vendor contact to verify the change would have caught it, but nobody made the call because it felt normal. Training your team matters, but it shouldn’t be your only line of defense.
What Insurance Carriers Now Expect
Cyber insurance has become another way to hold companies accountable for how they run their processes. Carriers want to see that controls are in place and being followed. Things like multifactor authentication, clear approval steps, and having a real incident response plan are now expected, not just optional.
Many claim issues stem from small discrepancies in routine work, such as when a payment is approved outside the normal process, or a vendor change isn’t verified as it should be. Sometimes, the way a company operates day to day is not up to standard when applying for coverage. This makes recovery more difficult, even if insurance is in place.
Plans Have to Be Practiced
Most organizations have an incident response plan, but that doesn’t always mean they’re ready to use it. When something happens, people may not be sure who should act first or how to move quickly. When plans haven’t been walked through ahead of time, it can be hard to rely on them in the moment.
Simply walking through each step of what needs to take place can make a big difference. It helps teams understand their roles, reinforces how processes should work under pressure, and makes it easier to spot weak points before there is real risk. It also helps to involve the right people early, such as banks, insurers, or IT support.
Acting quickly and in a coordinated way can make a meaningful difference to how much is lost.
The Bottom Line
The companies that handle cybersecurity well aren’t relying on just one tool or control to solve the problem. They make sure the people, the process, and the technology all line up, especially around how payments are approved and how access is managed. That only works when those processes are followed consistently, since small gaps in routine work are often where issues start.
In the end, it comes down to having confidence in how the business transfers its money. If there isn’t a clear process for protecting logins or verifying payment changes, there is still risk in how funds are being sent. The most important part is not complexity; it is consistency and clarity.
Keeping everyone on the same page and ensuring rules are being followed every time are what ultimately protect the organization.
For not-for-profit organizations, protecting public trust means protecting the funds entrusted to them with the same level of discipline applied to any other critical asset. That requires more than awareness. It requires clear processes, consistent execution, and leadership involvement in approving payments, verifying vendor changes, and controlling access.
When those practices are treated as routine, rather than optional, organizations are far better positioned to prevent losses before they occur.
We’re Here to Help
If you have questions about your cybersecurity strategy, reach out to your local Blue & Co. advisor. We can help assess your current environment and connect you with the team at Blue Pioneer Consulting to identify practical steps to strengthen your defenses.





