Budget cuts, more devices than ever, and cyber threats that just won’t quit. That was the theme of our recent webinar, K-12 Cybersecurity on a Budget: Doing More With Less in the Age of Cuts, featuring three IT leaders who live this every day: Tim Miles, Director of Technology at from Steamboat Springs SD (CO), Claire Sexton, Cybersecurity Administrator at Kingman USD (AZ), and Austin Isaacks, Director of Information Technology from Highland ISD (TX).

Different district sizes, same reality. Attackers are getting smarter, resources are getting slimmer, and teams are being asked to do more with less. Here’s what our panelists shared about how districts can stay secure this school year and beyond.

[FREE] Google Workspace and/or Microsoft 365 Security & Safety Audit. Learn More & Claim

1) The biggest threats school districts are facing right now

When asked what’s changed most in K-12 cybersecurity, the panel agreed that we’ve entered a new era. The threat landscape has been reprogrammed with faster, smarter, and more personal attacks.

Phishing remains the biggest digital threat, only now it’s supercharged by AI, making fake emails more convincing than ever. Claire explained that tools like generative text and deepfakes make these emails look startlingly real, noting that “AI is pumping out phishing attacks way faster, way more accurately.” Educators are already stretched thin, which only heightens their vulnerability to these convincing lures.

Meanwhile, Tim warned that vulnerabilities don’t just come from inside the district. Third-party vendors, cloud services, and hardware are often the weak link, with flaws that “you don’t see until it’s already been compromised.” Add in the growing risk of accidental data exposure, misconfigured file-sharing or unencrypted IEPs, and the attack surface just keeps widening.

In short, the biggest threats this school year are:

• AI-driven phishing and social engineering that prey on busy staff
• Vendor and third-party vulnerabilities that hide in plain sight
• Data exposure and misconfigurations that leak sensitive student info

It’s a challenging mix, but one that districts can prepare for with layered defenses and better visibility. With Cloud Monitor’s new AI phishing detection tool, schools can take the first step toward catching these next-gen threats before they reach staff or students’ inboxes. 

2) The non-negotiables when budgets tighten

If every cybersecurity line item is on the chopping block, and the budget’s stretched thin, what can’t your district afford to lose? For these IT leaders, a few essentials rose to the top.

Tim started with the foundation: the network. “No one can do their job without a solid network,” he said. His team re-engineered their setup so the firewall doubles as a core router, saving money while improving security by segmenting internal traffic. Claire added that strong email auditing and security are non-negotiable too. “If you can’t tell what people are clicking on, you can’t stop it or learn from it,” she said.

Both Claire and Tim also stressed the importance of personal connection in cybersecurity. Instead of relying on online training, they meet face-to-face with staff. “When a suspicious email lands, I want them to see my face before they click,” Tim joked, and the results prove it works.

Three must-haves they all agreed on:

• A reliable, segmented network that limits how far attackers can move
• Email visibility to track and respond to phishing attempts
• Human-focused training that builds relationships and habits, not checkboxes

Our panelists prove that even without big IT budgets, creativity can go a long way. Tim partners with nearby small districts to share his firewall and security services, while Claire leans on Arizona’s free Cyber Readiness Program. As Austin put it, “It’s never a problem until it is a problem, and by then it’s a very expensive one.”

[FREE] Google Workspace and/or Microsoft 365 Security & Safety Audit. Learn More & Claim

3) Building a stronger posture with what you already have

The panel wrapped up with advice for schools that feel under-resourced, or that are just getting started on their cybersecurity journey. The good news? Small, but impactful, improvements don’t always cost anything.

Claire shared that her cybersecurity training career started with hallway conversations. “Train one person at a time,” she said. “You don’t need new tools to teach someone to pause before they click.” Tim echoed the value of peer collaboration, encouraging leaders to connect with others through CoSN chapters, K12 SIX, or local service centers instead of reinventing the wheel.

Austin took a more hands-on approach, explaining how limiting exposure can make a big difference. By blocking external email for younger students and whitelisting specific domains for high school, his team reduced both risk and workload.

Their simple but powerful advice:

• Start small with practical, repeatable training moments
• Collaborate with neighboring districts and state networks
• Tighten what you already own, enable MFA, review sharing settings, and tune alerts

Ultimately, they all agreed that cybersecurity isn’t just about data and dashboards. “Your users are people,” Claire reminded everyone. “They can be victims too. Don’t forget that.”

Stretch Your Budget Further With Better Visibility Into Google Workspace & Microsoft 365

K-12 cybersecurity doesn’t have to be perfect to be powerful. With Cloud Monitor by ManagedMethods, you can start by protecting district data, securing email, detecting account takeovers, and identifying risky third-party vendor access.

We like to think of Cloud Monitor as a centralized command center for Google Workspace and Microsoft 365 security. It uses deep API integrations to monitor continuously with no proxy, agent, or extension needed. It automates controls to prevent data breaches, account hijacks, phishing and malware attacks, and flags student safety signals. 

Want to see how your district can start saving today? Try Cloud Monitor’s Free Google Workspace & Microsoft 365 Risk Audit. Because even when budgets shrink, your security posture doesn’t have to.

The post Doing More With Less: What K-12 Tech Leaders Are Prioritizing for 2025–2026 appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

*** This is a Security Bloggers Network syndicated blog from ManagedMethods Cybersecurity, Safety & Compliance for K-12 authored by Alexa Sander. Read the original post at: https://managedmethods.com/blog/k12-cybersecurity-on-a-budget/