Skip To Content

15 Budget-friendly Cybersecurity Tips for Schools


Your organization’s finance professionals make tough, sometimes unpopular, decisions come budget season. Funneling funds to one initiative could mean scaling back, postponing, or eliminating other initiatives. Here are 15 simple, budget-friendly tips that will help fortify your digital defenses.

1. Develop a Culture of Cybersecurity

In organization's that have established a culture of cybersecurity, protecting sensitive data is a value that never gets compromised. The process starts with leadership commitment.

2. Never Share Login Credentials

A password management system eliminates the need to write passwords and account credentials down and reduces the risk of them falling into the wrong hands. Remind employees to be careful about entering passwords or PINs or viewing sensitive information in public places. Criminals could be looking over their shoulders.

3. Use Public Wi-Fi Sparingly

It’s common for coffee shops, libraries, and other public places to provide free Wi-Fi. It’s also common for free Wi-Fi to be unsecured, so avoid using it for sensitive business.

4. Back Up Your Data

Back up your data regularly and ensure that backups are viable. New ransomware hunts for on-premise backups to lock up, so consider off-site, off-line, or powered-down data backups for better protection.

5. Don’t Take the Bait

Cybercriminals sometimes pilfer district funds by posing as legitimate vendors, contractors, or even district staff. Pay attention to strange email or phone call requests that appear to be from a person or business you know. When in doubt, contact the sender through an alternate method and report the suspicious request to your IT/security staff. 

Resource: Share this phishing cheat sheet with your finance professionals.

6. Enable Multi-factor Authentication (MFA)

Enable MFA on business and personal accounts to receive authentication codes via SMS or secondary email.

7. Use Passphrases

We all know the importance of creating strong, unique passwords; we’re just not very good at it. Let’s say you choose a seemingly random password like "aaaaaaa." A human probably won’t crack it quickly, but a computer will—in about 10 milliseconds. Consider using passphrases instead.

8. Lean on Data Loss Prevention

Employees are your first line of defense against cybercrime. No matter how informed and prepared your team is, however, cybercriminals constantly find new ways to attack. Their schemes often rely on human error. Data loss prevention tools help ensure that when employees make mistakes, technology has your back.

9. Run Annual Cybersecurity Drills

Preparing for a worst-case scenario will enable your staff to respond quickly and effectively. The faster you act, the better off you’ll be.

10. Vet Your Vendors

Even if your district maintains strong cyber-defenses, your network could be at risk if your vendors don't do their part. Vet your vendors to ensure they are reputable and will protect your data. Take the next step by entering data protection/privacy agreements with vendors.

11. Tap Into Information-Sharing Networks

The K12 SIXTexas Information Sharing & Analysis Organization, and other information-sharing organizations provide forums for districts to alert each other about cyberthreats and share best practices.

12. Use a VPN for remote work

It’s especially important to use a virtual private network (VPN) if you’re on public or unsecured Wi-Fi. VPNs provide a layer of encryption that could prevent network compromise.

13. Patch Your Software

Ensure there is an automated or manual policy for installing updates and patches to your anti-virus, operating systems, and other software platforms as soon as they’re available. Remember, you’re only as secure as your most recent update.

14. Get the Most from Security Platforms

Make sure your antivirus, firewall, and email security appliance are up-to date, configured correctly, and most of all, turned on.

15. Segment Sensitive Information

Talk to your IT team about departments that work with sensitive information. If possible, provide a distinct, more- secure network segment for those departments. The fewer people who have access, the safer the data.

Bonus Tip Exclusively for Fund Members

Fund members with Privacy and Information Security coverage benefit from expert support at no additional cost. Let us train your team to build a state-mandated cybersecurity plan, avoid common scams and attacks, and recover from incidents.

Editor's note: This article was originally published in November 2021. It has been updated for accuracy and comprehensiveness.

Lucas Anderson headshot
Lucas Anderson
Privacy and Cyber Risk Consultant

Lucas Anderson joined TASB Risk Management Services in 2019, bringing more than a decade of experience in cybersecurity, network administration, and information technology. He advises districts on preemptive mitigation against ongoing and emerging cybercriminal threats targeting the education sector, as well as cybersecurity-related regulatory compliance. 

Over his career, Anderson has supported public and private organizations, including Booz Allen Hamilton, the White House Office of Management and Budget, the Department of Defense, and the Texas Association of Counties. 

Get the Inside Scoop

Want to receive our newsletter and training emails? Sign up to get the latest risk management information that will help you succeed.