As countries scramble to stop the spread of COVID-19, legions of employees have been sent home to work, some with as little as 24 hours’ notice. 

It’s a move that has some experts worried about cybersecurity.

“We always say that you can’t manage what you don’t know about and that is going to be a truth with nightmare consequences for many companies and government agencies struggling to respond to the coronavirus situation,” Dr. Barbara Rembiesa, president and CEO of The International Association of IT Asset Managers, said in a statement.

“The impulse to send employees home to work is understandable, but companies and agencies without business continuity plans with a strong IT Asset Management component are going to be sitting ducks for breaches [and] hacking.”

recent small-scale survey by CNBC appears to echo this sentiment. The findings suggest phishing scams and spam are rising in the wake of COVID-19, with one respondent citing a 40 per cent spike in cybercrimes in their organization.

The security breaches are happening for a few reasons. For starters, some employees are adjusting to working at home for the first time. Companies that rushed the transition may not have implemented security measures, forcing some people to access sensitive information on personal computers and phones, with the use of vulnerable Wi-Fi systems.

“We are hearing from many clients and law enforcement that the level of cyberattacks, phishing attempts, and scams occurring in light of COVID-19 has grown dramatically,” Miriam Wugmeister, partner and co-chair of law firm Morrison & Foerster’s global privacy and data security group, told CNBC.

“The bad guys know that every IT department and every cybersecurity group is currently overwhelmed and stretched.”

On top of security vulnerabilities, there’s also the matter of the new working arrangements, which may be less-than-ideal. While working from home can be productive, that’s more likely to occur when employees have a dedicated workspace and don’t have to look after their kids at the same time.

But dividing attention between a 40-hour-workweek while simultaneously caring for children has become a sudden reality for millions, now that schools across the globe are closed, possibly until September.

While some experts, like chief information officer for the town of Cary, North Carolina Nicole Coughlin, say they’re hesitant to blame the rise in cybersecurity threats exclusively on COVID-19, at least some crimes are a direct result of it.

Canada’s RCMP, for example, has seen an uptick in scammers playing up the emotional toll of the virus as a means to acquire credit card numbers and cash “donations.”

We’re in unchartered territory right now, but the takeaway for employees and business owners is to remain diligent, be aware of potential phishing scams, and exercise caution when accessing sensitive data — because the hackers are out in full force.