Rethinking K-12 cyber strategies amid federal budget cuts

Key points:

• Practicing cyber hygiene is a continual endeavor
• K-12 cyberattacks threaten data–and students
• Phishing attacks are evolving, but schools can fight back
• For more on K-12 cybersecurity, visit eSN’s IT Leadership hub

The recent suspension of the K-12 Cybersecurity Government Coordinating Council marks a pivotal shift in how the nation’s public school systems manage cybersecurity. Previously, this council played a key role in coordinating federal resources, sharing threat intelligence, and aligning security efforts across districts. Its absence now places greater responsibility on school districts, which are already grappling with rising ransomware attacks, limited IT staffing, and constrained budgets–all while trying to maintain a safe, uninterrupted learning environment.

Yet within this challenge lies an opportunity. Without relying solely on top-down guidance, K-12 leaders can adopt cybersecurity strategies that are tailored, agile, and integrated into broader operational planning. By rethinking their approach, forming regional partnerships, and prioritizing foundational cyber hygiene, districts can not only enhance their security posture but also streamline IT operations and reinvest in core educational outcomes.

The new reality for K-12 cybersecurity

The decentralization of cybersecurity support can offer a chance to direct funding more effectively to where it’s most urgently needed, as federal cybersecurity dollars historically haven’t always reached the schools they’re intended to help. By shifting funding toward the frontlines, districts can make immediate and measurable impact.

This transition will not be seamless. Some states may move to establish new frameworks resembling the recently paused federal structures, while others may pursue leaner, more efficient models emphasizing autonomy, rapid resource allocation, and local empowerment. However, the reality is that many districts and states aren’t yet equipped with the people, processes, or technology required to manage this responsibility alone. Bridging these gaps will take time, coordination, and support from state and regional networks.

Strategic adaptation through smarter investments

Many school districts still rely on aging infrastructure, which often introduces security vulnerabilities. Asking them to secure their systems without the right tools is like asking a small-town police department to stop a bank heist with only a whistle and flashing light.

For too long, prevention has been seen as the gold standard of cybersecurity. In today’s threat landscape, prevention alone is no longer a reliable measure of resilience. According to a recent study, “desktops and laptops remain the most compromised devices (50 percent), with phishing and Remote Desktop Protocol (RDP) cited as top entry points for ransomware. Most attacks moved across the network to infect other devices. In over half of these cases (52 percent), attackers exploited unpatched systems to move laterally and escalate system privileges.” This underscores the importance of having a cyber strategy focused on containment in place. Even with legacy systems, school districts can improve their cyber resilience by ensuring that their systems and data remain protected, and that operations continue uninterrupted, even in the face of inevitable attacks and breaches.

The first step in building a successful cyber strategy is understanding what you already have. Through targeted infrastructure reviews, districts can conduct a thorough inventory of their assets–identifying which systems, applications, and data are running, and which are most critical to daily operations. From there, they can identify redundancies, streamline systems, and modernize with intention. IT teams should also map enterprise traffic and evaluate unusual or unnecessary connections: Which servers are communicating externally? Should they be? How is data moving, and who has access?

Threat actors aren’t waiting for schools to adopt a decentralized approach to cybersecurity–they’re finding and exploiting vulnerabilities today. By taking incremental but intentional steps to strengthen resilience, school districts can not only improve their security posture but also realize savings. These savings can then be strategically reinvested into both cybersecurity initiatives and classroom technologies that directly support teachers and students.

The power of collaboration in a decentralized landscape

In the absence of centralized federal coordination, collaboration has become more critical than ever. Collaborations with state IT offices, educational service agencies, and Information Sharing and Analysis Centers (ISACs) offer access to shared services, expertise, and real-time threat intelligence, which otherwise may be difficult to build independently.

Take the Texas Education Agency’s K-12 Cybersecurity Initiative as one example: It focuses on safeguarding Local Education Agencies (LEAs), especially in rural areas, from major incidents like ransomware. These collaborations extend district capabilities without added complexity.

Additionally, good cyber hygiene must extend beyond just state and local IT leaders. Having staff and students adopt daily cyber practices can offer high-impact protection efficiently, creating a baseline of cyber hygiene that significantly lowers risks. Here are some ways schools can build a strong cyber hygiene foundation:

• Start with awareness: Provide short, engaging training modules on phishing, password security, and common cyber threats.
• Implement multi-factor authentication where possible: Prioritize multi-factor authentication for staff accounts and administrative systems.
• Establish patch routines: Set a regular cadence for updating and patching systems, even on legacy infrastructure.
• Create strong password policies: Outline what a strong password entails and discourage reuse of passwords across accounts.
• Make it part of the culture: Integrate cybersecurity topics and trainings into teacher workshop days and, where appropriate, into curriculum for students.

It’s critical to recognize that these practices do not just occur once. Practicing cyber hygiene is a continual endeavor. In the end, regularly practicing cyber hygiene enables team members to shrink the attack surface and more readily adapt to evolving threats. From superintendents to students, everyone has a role to play in defending student data and digital learning environments.

Securing the future, one district at a time

Education leaders must rethink how they manage cybersecurity risk–not as a compliance exercise, but as a strategic imperative. By proactively planning, investing in foundational practices, and collaborating with trusted partners, districts can build long-term resilience. In doing so, they ensure that educators are free to focus on what matters most: delivering secure, uninterrupted learning experiences to every student, every day.

About the Author:

Gary Barlet is the Public Sector Chief Technology Officer for Illumio.