Cybercriminals routinely attack the education sector, especially K-12 schools. Hackers consider schools tempting targets largely because they:
- Store birthdates, Social Security numbers, and other high-value, sensitive information about staff, students, and parents
- Often lack the budget they need to defend their networks
The Fund’s new cybersecurity grant helps our members purchase proven tools they might not otherwise be able to afford.
On this page
Apply for a grant
How it works
The Fund will award up to $5,000 (but no more than half their overall Fund contribution) to eligible members. Funds will be available via an à la carte menu of items specifically selected to enhance overall organizational cybersecurity.
Back to top
- Recipients must be in compliance with all state cybersecurity requirements.
- Have a designated district cybersecurity coordinator
- Have a district cybersecurity plan
- Meet the annual cybersecurity awareness training requirement
- Recipients must have active Data Privacy and Information Security (cyber) coverage with the Fund.
- Along with cyber coverage, recipients must have at least two additional lines of coverage.
Back to top
The grant application is a simple, web-based form. It should take roughly 10-15 minutes to complete. You will be able to select one of the items below as your desired grant award.
If you want to invest in a cybersecurity resource not on the list, there is a field to describe the planned project in detail and explain how it will enhance your organization’s overall cybersecurity.
Back to top
The application window will run from September 19-November 21, 2022. After the window closes, evaluation of the applications will begin.
Members will be notified of application status within 30 days of the close of the application window.
Back to top
This section provides an overview of tools and services eligible for reimbursement under the grant program. To browse all options, download this comprehensive list.
Cloud backup subscription
It is strongly recommended that districts have an effective backup option. In fact, backups are your best defense against costly ransomware attacks. Considering the wide availability of low-cost cloud solutions for organizational backups, there is no longer a reason for not being able to roll to backups.
Code-protected and encrypted USBs
These USBs are protected with a numeric code. This code is typed in on buttons on the body of the USB. An administrator can reset the code if a user forgets it. Encrypted, code-protected USBs also make it easy to pass sensitive information among authorized users while controlling the risk of it falling into criminals' hands. If a USB is misplaced, nobody who finds it can access the data.
Consultant Audit of Email Security Appliance (ESA)/Firewall/Anti-Virus
The power of utilities within email security appliances (ESAs), firewalls, and anti-virus systems is often underutilized due to improper configuration. Identifying and bringing in a security subject matter expert for these utilities to make sure they are in their best security form could be a game changer for districts that have left them operating in their out-of-the-box state.
Cybersecurity awareness training and phishing simulation
Bundling cybersecurity awareness training with a simulated phishing campaign is a powerful way to target your training to users and topics your organization needs to focus on.
Email Security Orchestration, Automation, and Response (SOAR platform)
A Security Orchestration, Automation, and Response platform (SOAR) solution can help orchestrate your threat response and manage high volumes of malicious emails. This would include automatic prioritization of legitimate emails, machine learning, and enhanced quarantine utilities.
Multi-Factor Authentication (MFA) hardware dongles
Microsoft reports that organizations with MFA are 99 percent less likely to be compromised. Still, many districts struggle with how to implement MFA, as well as the costs associated with implementation. Providing an easily configured, biometric MFA option for districts will ease the transition to an MFA-secured network environment.
One-time vulnerability assessment
A robust vulnerability assessment can help identify any misconfigurations or unpatched/un-updated holes in member networks. Identifying these and implementing an update/patching strategy meets several of the Texas Cybersecurity Framework security objectives as the district develops its cybersecurity plan. Understanding where your vulnerabilities are, and why they were allowed to remain, will improve district cybersecurity.
Password policy enforcer
Windows and other basic operating system-based network solutions often lack the ability to create new policies that reflect developing guidance on password strength. A password policy enforcer enables you to create new policies and requirements for user IDs and passwords, and ensures they are being adhered to by staff.
Professional penetration testing
Penetration testing differs from vulnerability scanning/assessment in that it is offensive in nature. A vulnerability scan will indicate if there are unpatched known vulnerabilities or other network misconfigurations, while a penetration test will attempt to enter your network, and subsequently provide a report on weaknesses and recommend mitigation strategies. Undergoing a robust penetration test will enable districts to further develop their cybersecurity plan.
Subscription to password management platform
Password management systems are far more secure and efficient than handwritten sticky notes hidden under keyboards. You only need to create one strong passphrase to enter the system. From there, it will auto-generate a strong passcode for every system you have access to.
Want to invest in a resource not on the list?
If you want to invest in a cybersecurity resource not on the list, there is a field on the application to describe the planned project in detail and explain how it will enhance your organization’s overall cybersecurity.
If you choose this option, keep in mind that any vendor employed to assist with your project must come from the approved vendor list of either the Texas Department of Information Resources (DIR), or the Cybersecurity and Infrastructure Security Agency.
Back to top