Half of all cyberattacks are aimed at businesses with fewer than 2,500 employees, according to a new guide by California Attorney General Kamala Harris.

Technology has created new opportunities and new risks for California businesses, including cyber attacks,” Harris said in a statement. “This guide offers specific, straightforward recommendations to help businesses continue to thrive by reducing cyber security risks to employees and customers.”

The guide was developed by the California Attorney General’s office, the California Chamber of Commerce and the mobile security company Lookout.

It concludes a cyberattack is a matter of if rather than when, even for small businesses. So, businesses should develop an incident response plan, delete unnecessary data, encrypt data that is still needed and update firewall and antivirus software regularly.

“Prevention is the best medicine. Not only does the guide provide useful information to reduce the threat of cybercrime, it highlights the need to be proactive in preventing data breaches,” said Allan Zaremberg, President and CEO of the California Chamber of Commerce, in a statement.

In 2012, the California Attorney General’s Office received 131 reports of data breaches by businesses, affecting the personal information of more than 2.5 million Californians.

The guide can be found at https://oag.ca.gov/cybersecurity.