Yes Virginia, there is a Santa Claus. A Christmas greeting

December 24, 2024

It is that time of year. Christmas. I wish you all a happy and holy Christmas and that in 2025 all your hopes and dreams come true. As per my tradition I republish one of the great journalistic pieces on Christmas, Yes Virginia there is a Santa Claus. It struck me when I first read it as an 18-year-old and I still marvel at the beautiful prose. It is what all good writing should be: clear, spare and lively. This piece also has a touch of literary fairy dust. To write like this is a noble aim.

Here it is:

Dear Editor,
I am 8 years old. Some of my little friends say that there is no Santa Claus. Papa says “If you see it in the Sun, it is so.” Please tell me the truth, is there a Santa Claus?

Virginia,
Your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except what they see. They think that nothing can be which is not comprehensible by their little minds.

All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours, man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, Virginia, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to our life its highest beauty and joy.

Alas! How dreary would be the world if there were no Santa Claus! It would be as dreary as if there were no Virginias. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus? You might as well not believe in fairies! You might get your Papa to hire men to watch all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove?

Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see.

Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders that are unseen and unseeable in the world.

You tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, or even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernatural beauty and glory beyond.

Is it all real? Ah, Virginia, in all this world there is nothing else as real and abiding.

No Santa Claus? Thank God he lives and he lives forever. A thousand years from now, maybe 10 times 10,000 years from now, he will continue to make glad the hearts of children.

Written by Francis P. Church in 1897

Documents containing personal information found dumped in Northern Territory scrubland highlights

October 17, 2024

In the digital age the common belief is that data breaches involve a cyber attack, disclosure of information on a web site or an errant email. As the ABC reports in Documents containing personal information of NT residents found dumped in bushland in Darwin rural area, data breaches can, and often do, occur through documents being left in public. There have been many instances of records being left in filing cabinets that are then offered for sale, medical records being stored and forgotten or documents being left in public.

In the most recent example the documents left in the bush contained personal information including medical and bank records and phone numbers.  This may constitute a breach of the Privacy Act 1988 by the entity that collected then didn’t dispose of the documents properly.  In this case it involved records created by the Northern Territory Government.

Document management, either in hard or soft copy form, is critically important and quite straightforward if there is decent training and a workable system.  Businesses often do not regularly review what documents they have and ask themselves why they still have personal information that they don’t need.  Medical practices are notorious for holding records of long since deceased patients or individuals who have moved to other doctors or left the …

Attorney General of Texas launches a data privacy and security initiative… Not the usual headline one expects in Texas

June 5, 2024

As if any more proof were required that privacy and data security is not an ideological issue the Attorney General of Texas has announced an initiative to protect “Texans’ Sensitive Data from Illegal Exploitation by Tech, AI, and Other Companies.”

The press release …

The UK National Cyber Security Centre has released guidance on how to disrupt email compromise attacks

May 22, 2024

The UK National Cyber Security Centre has published guidance on dealing with attacks on business email, known as business email compromise (“BEC”).

BEC involves criminal access to a work email account in order to trick someone into transferring money or to steal valuable or sensitive data. The usual method of entry is targeted phishing emails sent to an individual within an organization. Standard email spam filters generally do not detect them, especially if they come from a legitimate email account that has already been hacked.

The guidance recommends organizations take steps to make themselves less prone to BEC attacks, including:

  • reducing the digital footprint of senior staff and executives;
  • helping staff and users to identify and detect phishing emails;
  • implementing two-step verification for accounts; and
  • applying the principle of least privilege.

These are quite standard issues for privacy professionals but quite often unknown to organisations.

The press release provides:

Business email compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data. For this reason, BEC attacks are often directed at senior staff, or those that can authorise financial transactions.

Unfortunately, BEC attacks (which are a type of phishing attack) are on the increase. A recent government report on cyber attacks revealed that in 2023, 84% of businesses and 83% of charities have experienced a phishing attack in the past 12 months.

The good news is that the NCSC has recently published new guidance on BEC that includes practical steps that will reduce the likelihood of your organisation suffering from a BEC attack. It is specifically aimed at smaller organisations who might not have the resources (or expertise) to implement the NCSC’s existing guidance on phishing attacks in full. …

Australian Police link over 11,000 cyber crimes to the Medibank breach.

March 17, 2024

The Medibank breach was a seminal moment in Australian privacy and data security history. Together with the Optus breach it affected almost half the country’s population. It also highlighted the lax state of cyber security of large companies: minimal data security overall, a focus on perimeter defences over in-depth defences, dreadful data storage and security policies and retaining data long after it is required. But it is the knock on effect of . iTnews reports in Australian police link “over 11,000 cybercrime incidents” to Medibank breach. The knock on effect. It is that consequential damage that regulators need to be constantly aware of when deciding how to enforce the legislation. Unfortunately in Australia a light touch enforcement has meant that the culture about data security at the board room level is still woefully lax, despite protestations to the contrary. As a result data breaches are quite regular and escalating in frequency.

The article …

Federal Trade Commission takes action against Blackbaud for inadequate security practices, seeks orders for it to delete unnecessary data

February 14, 2024

The Federal Trade Commission has taken action against Blackbaud and required it to delete personal data that it does not need. The genesis of this outcome was the poor security practices that let a hacker access a trove of sensitive personal information in 2020, much of which should not have been kept. The FTC set out the multiple Blackbaud transgressions: failing to segment data, failing to have multi factor authentication and not notifying customers of the breach. In this case, as in many others, a data breach doesn’t reveal one flaw but usually a system wide failure.

The media release provides:

South Carolina-based Blackbaud Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the Federal Trade Commission over charges that the company’s lax security allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers.

In its complaint, the FTC says that Blackbaud, which provides data services and financial, fundraising, and administrative software services to companies, nonprofits, healthcare organizations, and others, failed to implement appropriate safeguards to secure and protect the vast amounts of personal data it maintains as part of the services it provides to its clients.

“Blackbaud’s shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Companies have a responsibility to secure data they maintain and to delete data they no longer need.”

The FTC says that, despite promising customers that it takes “appropriate physical, electronic and procedural safeguards to protect your personal information,” Blackbaud deceived users by failing to put in place such safeguards. For example, the company failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication, and test, review and assess its security controls. In addition, the company allowed employees to use default, weak, or identical passwords for their accounts, according to the complaint.

As a result of these failures, a hacker in early 2020 accessed a customer’s Blackbaud-hosted database, according to the complaint. Once logged in, the attacker was able to freely move across multiple Blackbaud-hosted environments by leveraging existing vulnerabilities and local administrator accounts and creating new administrator accounts, according to the complaint. The breach went undetected for three months, allowing the hacker to remove massive amounts of unencrypted sensitive consumer data belonging to Blackbaud’s customers. …

Yes Virginia there is a Santa Claus

December 25, 2023

As per a long standing tradition I wish all a very happy and holy Christmas with one of the most wonderful odes to Christmas, Yes Virginia there is a Santa Claus. As a piece of prose it is superlative writing. An economy of words which captures the message of hope and optimism. There is a wonderful story behind it with an 8 year old seeking advice and Virginia going on to live a wonderfully productive life.

I wish you all a wonderful Christmas and hope you approach 2024 with all the hope and optimism of the Yes Virginia editorial from all those years ago.

The letter provides:

Dear Editor,

I am 8 years old. Some of my little friends say that there is no Santa Claus. Papa says “If you see it in the Sun, it is so.” Please tell me the truth, is there a Santa Claus?

Virginia,

Your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except what they see. They think that nothing can be which is not comprehensible by their little minds.

All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours, man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, Virginia, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to our life its highest beauty and joy.

Alas! How dreary would be the world if there were no Santa Claus! It would be as dreary as if there were no Virginias. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus? You might as well not believe in fairies! You might get your Papa to hire men to watch all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove?

Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see.

Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders that are unseen and unseeable in the world.

You tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, or even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernatural beauty and glory beyond.

Is it all real? Ah, Virginia, in all this world there is nothing else as real and abiding.

No Santa Claus? Thank God he lives and he lives forever. A thousand years from now, maybe 10 times 10,000 years from now, he will continue to make glad the hearts of children.

Written by Francis P. Church in 1897

DP World confirms that employee data was stolen during cyber attack

November 29, 2023

The DP World data breach caused major disruption at Australian ports around 13 November 2023. There was no mention of personal information being accessed. Now the ABC reports in DP World Australia confirms employee data was stolen during cyber attack, warns of further freight delays ahead of Christmas rush that the personal information had been accessed. There is nothing on its website. This knowledge would have been in DP World’s possession for some time. Often these late announcements immediately precede an organisation finally notifying staff whose personal information was accessed. It follows a poor practice playbook.

The article …

Major cyber attack on IT provider affects dozens of UK law firms. Another salient warning that law firms

Australian privacy and cyber security operators, or anyone who follows the news found at the front of the paper, don’t need to be told of law firms being a prime target of cyber attacks. The HWL Ebsworth data breach was one of the big data breaches of 2023. Given the firm had a large Government practice it is not surprising that the data breach affected personal information it held in its work for 65 government agencies. It is also a salient example of the cobbler’s children going shoeless. Its response to the data breach has been quite poor.

A reminder that this is a chronic threat is an article titled Cyberattack on IT provider CTS impacts dozens of UK law firms. The mode of the attack is familiar, through a third party provider with authorisations and poor cyber security. Here the …

Optus and its system crash highlights the need for a plan to explain, empathise and explain some more when things go wrong. A basic part of a response when there is a data breach which is usually ignored or messed up

November 9, 2023

The 12 hour collapse of Optus’s services showed that it has learnt little on how to respond to a catastrophic event, at least in talking to its customers. Optus executives effectively made themselves into a ball and hoped 10 million customers were happy to have the day off. The by-product of this major fail was the reports about how it has not learnt from its data breach fiasco where the information flow was slow and sparse. The Australian’s article Has Optus learned from the cyberattack playbook? is fairly typical. It is quite amusing to read columnists lately stumble upon this basic need to be transparent with customers.

The thing is that issuing statements of bad news following a data breach has become a sophisticated exercise in the United States and should be treated seriously in Australia. Unfortunately it isn’t. I have been writing on the importance of …