Farzia Khan holds an important job at TD: She helps arm the Bank’s customers and colleagues with the knowledge to help safeguard themselves from cyber threats.
As leader of the Cybersecurity Awareness Team at TD, Khan oversees programs and activities that educate TD colleagues, customers, and the broader community about how to stay safe and help protect their personal information in the digital realm.
“My role involves shaping strategies and campaigns that make complex cyber risks easier to understand and actionable for everyone,” she said.
Khan said this is all part of fostering the Bank’s “cyber guardian culture,” which she describes as an approach that says everyone who works at TD is responsible for being mindful of their own cybersecurity — and often that of other people, including customers.
“This means we act as the cyber guardians of our customers, our colleagues, and the Bank’s assets,” she said. “In my role, I help foster this culture by making cybersecurity education accessible and engaging all year round — and through initiatives like our Cyber Month activities.”
With October being Cyber Month across Canada and the United States, it’s a busy season for Khan and her team as they lead a multi-channel cyber literacy program to help educate customers across the Bank's many touchpoints – from in-branch screens to email campaigns to social media posts and articles.
Within the Bank, to build on TD colleagues’ knowledge, there are panel discussions, quizzes, contests, videos, and even phishing simulations that land right in their inboxes (more on that later).
The aim is to “encourage all our colleagues to take ownership of their digital safety,” said Khan, who has worked in Toronto for TD since 2021.
“I believe by empowering people with knowledge, we create this collective shield that strengthens our overall security posture.”
Thriving in a challenging, male-dominated field
Part of what makes cybersecurity awareness a challenging field to work in is that technology is accelerating the evolution of cyber threats, making it crucial for cybersecurity experts to stay one step ahead of cyber criminals.
“Cyber fraud is becoming increasingly sophisticated as technology evolves,” said Khan. The rise of artificial intelligence (AI), deepfakes, and other emerging technologies is what her group needs to contend with and educate colleagues to be aware of.
With a degree in computer science as well as a CISSP certificate — the gold standard in cybersecurity certifications — Khan commands the kind of technical knowledge that makes her a formidable foe to cyber criminals. Yet as a woman working in a male-dominated field, it isn’t always easy to receive recognition in the industry. But Khan said that at TD, she feels her work is acknowledged and valued.
Khan credits her boss, who is also a woman, for supporting her growth at the Bank. Khan said that her boss supports her career and has empowered her to pursue her ideas and passion projects.
“She has really trusted me to take the lead and make an impact,” Khan said.
“I see being a woman in cybersecurity as an advantage because I think it gives me a unique perspective. Diverse teams bring a range of experiences to the table, and that's critical in a field like cyber [security and literacy], where creative problem solving is key.”
The human side of cybersecurity
For people like Khan who are focused on cybersecurity and literacy full-time, the reward, she said, is knowing that she is helping people avoid the pitfalls of digital scams and the financial damage they can cause. While every day may present a new challenge, Khan said the pace keeps her on her toes.
“TD adopts a very proactive and in-depth approach to cybersecurity, which means that it is not just relying on one layer of defence, but multiple,” she said.
“I believe protecting people against cyber fraud is not just about technology. It is also about people, which is why we place a strong emphasis on cyber education.”
Phishing for resilience
For Diya Gohil, practical experience is often the best teacher.
Throughout the year, Gohil, Information Security Specialist, Cyber Protection Readiness and Assessment, and her team send simulated phishing messages to colleagues across TD. These are realistic-looking messages that resemble a hacker’s attempt to send deceptive email. The tests are designed to mimic what colleagues would see from a real phishing attempt in their inbox, she said.
“At the end of the phishing simulation we share a recap of what the flags were to all colleagues to ensure they understand what to look out for,” Gohil said.
How does one spot a phishing attempt? Gohil lists off a few common telltale signs: logos and brand colours that look wrong or inconsistent, urgent messaging that plays on the recipient’s fears, and above all, URLs that do not match the official ones of the organization that is purportedly sending the message.
Once equipped with knowledge to help defend against phishing and other scams, TD colleagues can spread their cyber literacy lessons to others, including customers — for example, when they visit a branch. Gohil said she helps build TD colleagues’ confidence in recognizing fraud and becoming guardians of cybersecurity so that everyone – no matter which part of the organization they work in – can play a part in helping to protect customers and the Bank.
“I help to foster a culture of personal responsibility here at TD, helping people feel comfortable with their cyber literacy and wanting to share their knowledge with others,” Gohil said.
To help create scenarios that are as realistic as possible, Gohil and her team keep up with cybersecurity publications and technology news in general, and work with teams across TD, using the latest information and trends to inform the simulations.
One trend Gohil mentions is the increased use of QR codes in phishing emails, and in scams in general. Would-be fraudsters try to trick their targets into scanning codes that lead to malware downloads.
“The bad guys, they are always coming up with something new. That gives me the opportunity to learn and challenge myself, whether it be taking on a new technology, pursuing a certification,” Gohil said.
Having started at TD as an intern in 2018, Gohil has moved through several roles — starting in technology solutions as a TD Associate, working as a business systems analyst, and then moving into an enterprise protect role that introduced her to cybersecurity. She credits the culture at TD for supporting her curiosity and passion for learning, along with leaders being supportive and encouraging, as she continues to progress in her career at the Bank.
Passing cyber literacy forward
What is Gohil’s advice for anyone who wants to start building their own anti-fraud resilience this Cyber Month?
First, if you do fall victim to a scam, do not be ashamed — it happens to lots of people, some of whom are technically very savvy. Use the experience to help others.
“Be willing to talk about it with other people to help them (hopefully) not fall for the same scam,” she said.
And to help avoid scams in the first place, be careful when reacting to messages.
“Taking a couple seconds to stop and think goes a long way. Moving quickly is often what gets people to fall for something.”
“It’s essential to stay aware of the latest scams and continuously update security measures. And practise good cyber hygiene in general — whether that is using multifactor authentication or regularly changing passwords. The cyber threat landscape is always changing.”