Data,” says Howard Schmidt, professor, and president of the international Information Security Forum, “is the gold, the silver and the diamonds of the world we live in, so no matter how someone gets access to your data – whether it’s through a lost piece of media or a wireless network, it’s just as dangerous and troublesome as if someone broke in and stole the entire computer system.”This is why companies worldwide are worrying about the challenge presented by the growth of wireless networking. Richard Levine of Accenture, a consultancy, remembers how at one time the chief information officer mandated how an employee could connect to the network. “Today, they have expectations of how they want to connect and if you don’t give them the hardware and network to do it, they will find their own.”

Even the jargon associated with networking security carries a whiff of menace: “evil twins”, the “man-in-the-middle*” and “split tunnelling**” are just some of the dangers facing companies and their employees. “It is an arms race,” says Rob Cotton, chief executive of NCC Group, a company that tests the integrity of corporate networks. “Hackers will break through virtually anything when it becomes advantageous for them to do so.” His own, 100-strong team of “ethical hackers“ claims a 97.8 per cent success rate in hacking into corporate networks in the course of their wholly legitimate activities.

The mobility conferred by lightweight, affordable portable devices and ubiquitous wireless networks has been hailed as the next and most important business trend as employees enjoy access to the data they need to do their jobs anyhow, anywhere and anytime.

But wireless networks are notoriously vulnerable to hacking – especially public Wi-Fi “hotspots”, which are unlikely to have security or encryption protection – and the experts are unanimous in claiming that constant vigilance is the only answer: “You must never believe you are secure,” Mr Cotton urges. “The only time we have discovered a network that is safe is when it is switched off.”

Kurt Roemer, chief security strategist at Citrix, says organisations have spent millions on security measures to little avail: “The ubiquity of wireless coupled with the fact that users will sign up to whichever available network is easiest, means there is no way for an organisation to own and control the end-to-end network.

“Investment in outdated wireless security measures such as WEP (Wired Equivalent Privacy) is rendered worthless when an employee opts for an unprotected network – or when a hacker can use a ‘point and hack’ tool to expose the network in less than 60 seconds.”

The good news, according to Paul Meakin, portfolio manager for Damovo, the services group, is that the right technology and the right security policies can go a long way to protecting both company and employees: “Remote workers must ensure they are protecting their devices and businesses must ensure they can manage them.

“Devices such as laptops, mobile phones and USB sticks should be encrypted; otherwise they will be wide open to data access. Ideally, companies should have a ‘remote device wipe’ enabled so that all data can be destroyed in the case of loss or theft.” Sensitive data should not be stored on local devices, he urges, suggesting that proprietary technologies that enable a virtual encrypted disk to be created on the machine in use should be used. These make it possible to wipe the disk at the end of each session.

Some argue, however, that data leaks through less technological loopholes. Bob Tarzey, of the consultancy Quocirca, says: “I could not put an accurate figure on it, but I would venture that 99 per cent of sensitive data being compromised through the use of wireless is through the loss or theft of the access device itself, which could be a laptop, netbook or smartphone, rather than the deliberate interception of wireless network traffic. This is the problem on which IT managers should focus. It requires the encryption of stored data.”

Security specialists agree, however, that basic defence measures such as up-to-date firewalls and anti-virus software are critically important for any device that is to be connected to the internet. Dave Hughes, director of wireless broadband for BT Business in the UK warns: “For businesses and individuals that are concerned about their data being intercepted over the internet, we strongly recommend the use of a secure remote access virtual private network using either IPSec or SSL technology. This is an important common practice for both wired and wireless connections.”

IPSec is a set of rules that authenticates and encrypts each packet of data across a network using internet technology. SSL or Secure Socket Layer and its successor Transport Layer Security also provide cryptographic protection for messages travelling across a network so as to prevent eavesdropping, tampering and forgery.

BT operates a network of Wi-Fi hot spots called BT Openzone that can be vulnerable to the “evil twin” scam where a rogue access point pretends to be a legitimate Openzone point with a view to obtaining names, passwords and credit card numbers. Mr Hughes says customers should check that their browser displays a padlock symbol indicating a secured page, the address www.btopenzone.com and that no certificate error dialogue box pops up during log-in: “If these conditions are met, you can be sure that it’s a genuine BTOpenzone access point you are connecting to.

“Remote working using Wi-Fi is perfectly safe provided basic precautions are taken and, as we know, accessing broadband out and about is a really powerful and increasingly essential aid to business,” he says.

Dave Hartley, security consultant with the consultancy Activity, adds: “Try to use only a Wi-Fi provider that implements the IEEE standard 802.1x … What this basically means is that the provider’s client software automatically checks the network’s authenticity so a user cannot accidentally connect to an evil twin.”

What steps should an organisation take to protect itself and its mobile employees? For a start, Prof Schmidt of the ISF emphasises that a wireless network connected to an enterprise network is not necessarily protected by the enterprise firewall. If an employee buys an off-the-shelf wireless connection, there may be no security at all.

Mr Cotton of NCC Group makes four points. “First, do not believe any security vendors’ claims. Certainly, invest in security equipment, but have it tested by an independent expert. Second, don’t believe there is a silver bullet that will meet your security challenge. You must regularly review your arrangements. And if it’s cheap and easy to implement, it will not be secure. That’s just a rule of life.

“Third, security policies must be in place and users must be aware of their responsibilities. Do not, for example, allow staff to use personal features on your wireless network. Fourth, keep up to date with the latest technical developments and advances in encryption.”

Mr Cotton says the responsibility for observing these conditions lies with the chief executive: “A CEO has to know about security in this day and age.”