How would you respond if you woke up this morning to a ransomware threat or hack against your school? Are your cybersecurity policies able to meet the challenges head-on? What needs to be proactively improved to become more secure? And most importantly… how will you pay for the needed changes you need?

In terms of finding more funding for your school’s defense, there are some great grant programs available to improve security. Private companies, as well as state and local governments, have opportunities to help K12 schools and higher education institutions around the country address their cybersecurity risks head-on so they can focus on what matters most: teaching the leaders of tomorrow. 

What Are Cybersecurity Grants?

Cybersecurity grants for schools are financial awards provided by governments, organizations, and companies to help schools improve their cybersecurity posture and protect their students, staff, and data from attacks. These grants can be used for a variety of purposes, such as:

• Implementing cybersecurity technologies: This could include purchasing firewalls, intrusion detection systems, and other security software and hardware.
• Training staff and students on cybersecurity: This could include providing cybersecurity awareness training, as well as more specialized training for IT staff and other personnel who need to be able to identify and respond to cyber threats.
• Developing cybersecurity policies and procedures: This could include creating a cybersecurity incident response plan, as well as policies for password management, data security, and acceptable use of technology.
• Conducting cybersecurity assessments: This could include identifying vulnerabilities in the school’s network and systems and developing a plan to address them.

The Benefits of Applying For a Cybersecurity Grant Program

Schools have to address cybersecurity risks now. The Los Angeles Unified School District, in 2022, was subjected to a targeted, large-scale ransomware attack. This was just a few months after Michigan’s South Redford school district was shut down for two days after an attack. In fact, education is far and away the most targeted industry in 2024, with nearly 80% of educational devices having encountered malware within a 30-day period, according to Microsoft (see image below).

Reducing systemic cyber risk is in everyone’s interest, but it’s not always as straightforward as it seems.

Most schools simply don’t have access to adequately trained IT personnel, much less a highly skilled cybersecurity workforce. They have tight budgets that have to cover an ever-growing list of needs, which means that cybersecurity education and protection for information systems and networks simply aren’t a priority.

Cybersecurity grant funds can help with:

• Improved security: Protecting their students, staff, and data from cyberattacks.
• Increased awareness: Raising awareness of cybersecurity issues among school staff and students.
• Better preparedness: Developing a plan to reduce systemic cyber risk and respond to cyberattacks.
• Access to resources: Providing schools with access to resources that they might not otherwise be able to afford.

Grant Programs For Schools

If you’re not sure where to start, we’ll run down a some programs available to those K-12 schools and higher education institutions within the United States:

State and Local Cybersecurity Grant Program (SLCGP)

Established before the LCIP, this program continues to offer grants to state and local governments for cybersecurity projects, with a wider range of eligible applicants compared to the LCIP. State, local, tribal, and territorial governments are all eligible entities and any nonprofit organization supporting eligible entities can also apply.

While both programs offer grants for cybersecurity projects, the LCIP has a narrower focus on specific eligible entities (primarily state and local governments), different funding priorities that emphasize foundational cybersecurity measures, and a separate application process managed by State Administrative Agencies (SAAs). While the application deadline for this grant expired in 2023, you can sign up for alerts on future opportunities via SchoolSafety.gov. 

The Local Cybersecurity Grant Program (LCIP)

The Local Cybersecurity Improvement Program (LCIP) is a new initiative created by the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). It was established through the State and Local Cybersecurity Grant Program (SLCGP) authorized by the Infrastructure Investment and Jobs Act of 2021.

The LCIP program aims to provide funding and support to eligible state, local, territorial, and tribal governments across the United States to bolster their cybersecurity posture and defend against increasingly sophisticated cyber threats.

A total of $1 billion has been allocated over four years, with $200 million available in fiscal year 2022 and $400 million in fiscal year 2023.

LCIP grants are available to state, local, tribal, and territorial governments, as well as certain nonprofit organizations that support these entities.

The program prioritizes projects that address critical cybersecurity needs, such as implementing foundational cybersecurity measures, enhancing incident response capabilities, and improving cybersecurity skills. While the application deadline for this grant expired in 2023, you can sign up for alerts on future opportunities via SchoolSafety.gov. 

Tribal Cybersecurity Grant Program (TCGP)

This grant offers funding to help tribal governments address cybersecurity risks and threats to their information systems. TCGP provides targeted cybersecurity investments aimed to improve the security of critical infrastructure and resilience of the services that tribal governments provide to their members. While the application deadline for this grant expired in 2023, you can sign up for alerts on future opportunities via SchoolSafety.gov. 

Homeland Security Grant Program

This grant aims to assist state, local, tribal, and territorial efforts in preventing, protecting against, mitigating, responding to, and recovering from acts of terrorism and other threats. It also provides recipients with the resources required for implementation of the National Preparedness System and working toward the National Preparedness Goal of a secure and resilient country. While the application deadline for this grant expired in 2023, you can sign up for alerts on future opportunities via SchoolSafety.gov. 

Secure and Trustworthy Cyberspace

From the National Science Foundation comes this federal grant, which helps with cybersecurity research, and is available to institutions of Higher Education (IHEs), specifically two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US. Proposals are currently being accepted. While the application deadline for this grant expired in 2023, you can sign up for alerts on future opportunities via SchoolSafety.gov. 

Amazon K12 Cyber Grant Program

This program specifically targets K-12 school districts and state departments of education in the United States. It provides AWS promotional credits to implement cloud-based cybersecurity solutions, improve security awareness, and train staff. Schools must describe the project they intend to work on and how they will apply the funds.

IBM Education Security Preparedness Grants Program

The IBM Education Security Preparedness Grants Program is a $5 million initiative launched by IBM to help schools around the world strengthen their cybersecurity posture.

The goal is to address the growing threat of cyberattacks against schools by providing in-kind grants valued at $5 million. It’s open to schools around the world and makes $500,000 available to each school.

The program will assist schools in crafting incident response plans and ransomware playbooks, helping with the update of operating systems, creating strategic communication plans, upskilling students and teachers in cybersecurity and AI, providing access to mentors, teacher training, toolkits, and customized learning pathways.

Launched in 2021, the program has supported over 350,000 students across schools in the US and abroad.

FCC’s Proposed Cybersecurity Pilot Program

And while it’s not yet official as of publication, the Federal Communications Commission (FCC) recently proposed a pilot program to address the growing cybersecurity threats faced by schools and libraries known as the Schools and Libraries Cybersecurity Pilot Program. It will distribute $200 million over three years and is designed to support K-12 schools and public libraries in improving their cybersecurity defenses and protecting student and patron data.

There are two funding components: basic support that provides foundational funding for services and firewall upgrades, as well as an application for advanced tools and services. Keep an eye on this one. 

If you’re looking for more federal grants, you can check grants.gov.

Spending Your Grant

Applying for one or more grants is just one piece of a larger puzzle. Once funding is acquired, it needs to be spent in a way that will have the maximum impact on the school. Here are a few ways you can spend funding once it’s acquired:

• Invest in Professional Development: Equipping teachers, administrators, and staff with foundational cybersecurity knowledge through workshops, training programs, and simulations is crucial. This empowers them to identify suspicious activity, handle data responsibly, and become ambassadors of online safety.
• Integrate Cybersecurity into the Curriculum: Incorporating age-appropriate cybersecurity modules into various subjects like technology, social studies, and even ethics can raise awareness among students and equip them with essential skills for navigating the digital world safely.
• Organize Awareness Campaigns and Competitions: Create engaging activities like poster contests, presentations, and cybersecurity challenges to keep students and staff actively involved in learning about online threats and promoting safe practices.
• Prioritize Endpoint Security: Secure endpoint devices like laptops, tablets, and mobiles with endpoint detection and response (EDR) solutions to monitor for suspicious activity, patch vulnerabilities, and prevent malware infections.
• Implement Multi-Factor Authentication (MFA): Adding an extra layer of protection beyond passwords, like MFA through text message verification or authenticator apps, significantly mitigates unauthorized access attempts.
• Encrypt Sensitive Data: Sensitive information like student records, financial data, and administrative documents should be encrypted at rest and in transit to ensure confidentiality and prevent unauthorized access even if breached.
• Regularly Patch and Update Software: Keeping software and operating systems updated with the latest security patches helps address known vulnerabilities and minimize the risk of exploitation by attackers.
• Conduct Vendor Audits: Evaluate the security practices of third-party vendors, including software providers and contractors, to ensure they adhere to strict data protection standards and minimize potential vulnerabilities within your ecosystem.
• Review App Privacy Policies: Carefully scrutinize the data collection and usage practices of apps and online services used within the school environment to make informed decisions about their suitability and potential risks.
• Implement Secure Access Protocols: Enforce strong access controls for vendors and external users, granting the least privilege necessary and utilizing secure authentication methods to minimize unauthorized access to school systems and data.

Taking just a few positive steps will help your school build a more secure and resilient digital environment. Cybersecurity is an ongoing journey requiring continuous adaptation. Even the smallest change can make a big difference in strengthening your security posture and protecting your students.

If you’re a K12 or institution of higher learning looking to improve your cybersecurity, Coro is a good place to start. We offer multiple security modules for protection that can be purchased individually, freeing you of purchasing products you don’t need. Take a look at what we offer.