As the risk of cybersecurity attacks has grown in recent years, many big businesses have put effort into devoting time, money and energy into protecting their online information by ensuring there are safeguards in place to limit these risks. The good news is that a lot of these businesses have been successful; the bad news is that many hackers have not switched gears and began going after more vulnerable targets: small businesses. This is heavily due to small businesses simply not having the manpower power and/or financial means to protect their online information, making it more susceptible for hackers to go after them. However, these businesses have the ability to limit the risk of a cybersecurity attack by implementing and following the five activities of the Cybersecurity Framework: identify, protect, detect, respond, and recover. As mentioned earlier though, small businesses have limited financial means that they are able to dedicate to preventing cyberattacks; I believe this makes it essential that even if a business does not have the ability to implement all five of these activities into their business practices, focusing on the identify and detection groups are of the utmost importance. This can range from simply identifying and controlling those who have access to business information, to implementing separate user logins, to installing and regularly updating malware and antivirus hardware. Of course there are so many more measures that can be taken, at the very least these ensure that there are safeguards in place in the event of a possible attack, and that the business is aware of who exactly has access. Although setting this up requires a considerable amount of manpower, time, and money, the benefits of it greatly outweigh the costs. Not only does it provide business owners with security of their information being protected, it ensures that there are not only steps in place to recover information if it’s lost, but ideally to prevent any from being lost to begin with.