Clay County Sheriff’s Office Facebook page was hacked in November 2021 and the culprits were traced halfway around the world. Sarah Boyd shares her experience as the Public Relations Manager for the Sheriff’s Office when this happened. This session looks at the incident timeline, response strategies, lessons learned, and the broader context of social media security, shedding light on the challenges law enforcement agencies face in the digital age.
Prior to her role with Clay County, Sarah previously worked at the Kansas City Missouri Police Department, where she created and managed the department’s social media platforms and worked on other public and media relations duties. Sarah was named an International Association of Chiefs of Police 40 Under 40 in 2019.
Specifics covered in Sarah’s discussion include:
- An overview of Clay County, Missouri, and their Sheriff’s Office.
- The state of their Facebook page when the hack happened – the number of followers, who has administrative access, and the level of security of their page.
- How the hack was discovered in the middle of the night.
- The immediate actions Sarah and Capt. Jon Bazzano did to minimize the potential damage, trace what happened, seek help from fellow PIOs, report the incident to Facebook and the FBI, and reach out to a Facebook contact person.
- What Capt. Jon Bazzano did to identify the profiles that gained control of the page and how he regained control of the account.
- Examples of similar hacking cases in the Putnam County Sheriff’s Office and Summerdale Police Department and the apparent lack of support and assistance from Facebook and Meta in these incidents.
- How layoffs in tech companies like Facebook/Meta and Twitter/C are impacting public safety’s social media presence.
- The aftermath of the Clay County hack in terms of:
- The public concern and the internal notification made to inform everyone within the agency and appease everyone who reaches out about the hacking incident that it is being resolved.
- The media inquiries and the need to clarify speculations from the media that the Sheriff’s Office didn’t take cybersecurity seriously.
- The social media updates posted to inform the followers of what is being done to address the hacking incident.
- How the lack of cooperation from Facebook, the lack of resources of the FBI, and the absence of financial impact of the hack led to the case being not thoroughly investigated.
- The profiles of the culprits and the possible motivations and reasons for Clay County being targeted.
- Case examples that demonstrate different approaches in hacking incidents and potential motivations behind targeting public safety entities.
- Lessons learned that emphasize the importance of:
- Vigilance in terms of cybersecurity – strong passwords, multi-factor authentication, phishing methods, and the dangers of public Wi-Fi.
- Backups – to access a hacked account and reach the audience through other platforms.
- Leveraging the media to inform the public and clarify what happened.
- Having human contacts in social media and tech companies to better resolve hack incidents.
Points raised during the Q&A are about:
- Challenges faced by agencies trying to regain control of their hacked social media pages.
- Why some law enforcement agencies are considering shutting down their social media pages.
- Getting contacts in the social media companies through networking and connecting with Silicon Valley PIOs.
- The use of TVEyes, a media monitoring service.
- Whether having a verified account can help avoid hacking incidents.
Other webinars with this Presenter
- Nov 2: Surviving a Social Media Hack (this webinar)
- Jan 30, 2024: Out-of-the-Box Ideas for Community Engagement
Audience Comments
- “Many examples, lessons learned. Thank you!”
- “It was interesting to hear about this topic but I was getting the feeling that if this happens, we can try our best to restore our pages but they’re not guaranteed and it’s a little nerve-wracking to know that we may do everything right and still be susceptible to a hack. I did not feel as though there was a lot to protect us from these situations. I will definitely be changing my passwords and ensuring I have more protection.”
- “A good reminder re: capturing and keeping info on the original author of the platform page(s). Agree that two-factor auth is essential!”