Intelligence in CISO's Corner + Improving Cyber Hygiene

Protecting K-12 Schools: Tackling Top Cyber Risks with FCC's $200M Cybersecurity Pilot Program

The largest cybersecurity threats to schools are currently phishing and malware.

According to K-12 Dive, we saw a 393% rise in ransomware attacks against K-12 schools between 2016 and 2022. This is because schools are what CISA describes as 'target rich' and 'cyber poor.'

Between faculty and students, there are a large number of devices to manage and keep secure. Combined with the small or non-existent security budget that schools are given, it makes them an easy target for bad actors. Luckily, eligible schools can now use the FCC Pilot Program grant to bolster their cybersecurity program and start defending themselves against these attacks.

So how should schools spend their FCC cybersecurity budget?


Schools need to find security tools that provide the most bang for their buck and stop the most common attacks they will face. The FCC stipulates that the Pilot Program money must be spent on tools in these four categories:

Advanced/Next-Generation Firewalls

Endpoint Protection

Identity Protection and Authentication

Monitoring, Detection, and Response

K-12 schools with a small cybersecurity budget, grant, or size should consider purchasing the following tools or resources:

Anti-Virus/EDR/MDR: An endpoint protection solution provides a significant amount of value and comes at a relatively low cost given the amount of protection it provides. Endpoint protection defends against ransomware and malware by constantly monitoring the device for threats and stopping them as they appear.

Multi-Factor Authentication (MFA): Implementing MFA is relatively inexpensive and prevents unauthorized users from accessing accounts that don’t belong to them. MFA can prevent attacks like stolen credentials, phishing, privilege escalation, and more.

Email Security: Implementing an email security solution can protect from phishing, spam, malware, and compromises via email. This is especially important for schools due to the large number of students and staff that have email accounts, and often lack proper security awareness training.

Backups: Backing up critical assets and information systems can help restore availability when recovering from a cybersecurity incident or natural disaster. Performing backups can often be pricey but having tested and immutable backups in the event of a ransomware attack can increase recovery times dramatically and prevent schools from paying the ransom.

Vulnerability Scanning: Purchasing a vulnerability scanning tool will provide system administrators with the needed information to identify and remediate critical vulnerabilities before they can be exploited. This tool is needed to manage the “target rich” environment that schools have become.

Next-Gen Firewalls: While expensive, advanced firewalls provide a robust set of features that include Deep Packet Inspection (DPI), Network Intrusion Detection Systems (IDS), Network Intrusion Prevention Systems (IPS), and more. Putting a firewall in place helps define network perimeters and protect assets from malicious network traffic.

Virtual Chief Information Security Officer (vCISO) / Security Team as a Service (STaaS): A vCISO or a security team can help your school manage your cybersecurity program. We work hand in hand with your current IT personnel to help implement cybersecurity tools, manage vulnerabilities, develop policies, and any other needs you may have.

K-12 schools with a larger cybersecurity budget, grant, or size should consider purchasing these more expensive cybersecurity tools or assessments:

  1. Security Information and Event Manager (SIEM): SIEM solutions aggregate logs from across the environment and alert when there is anomalous activity recorded. This can help monitor and respond to incidents very quickly.
  2. Penetration Test/Risk Assessment: Conducting a penetration test or risk assessment can help point out key points of weakness and allows for the remediation of vulnerabilities or insecure processes. Echelon also offers both of these services as well!
  3. Data Loss Protection (DLP): A DLP tool can help schools identify, classify, and protect sensitive data from exposure. This can be essential for safeguarding PII for students and staff.

The Bottom Line on the FCC’s Cybersecurity Pilot Program for Schools


Overall, the FCC’s Pilot Program will greatly assist K-12 schools in upgrading their cybersecurity program and providing students and staff the privacy they deserve. But key decision makers at each school need to be informed on how to get the most value out of the grant, so each recipient can benefit as much as possible. For further help on how to select and implement these cybersecurity tools and resources, reach out to Echelon and we can assist you in finding a solution that suits you best.

Are you ready to get started?