ISS is to publish a white paper in the next month detailing the threat.
It says the risk is increased by the proliferation of handheld devices used to access enterprise systems and the Internet via GSM, a global system for mobile communications.
Mobile phones and handhelds are now used by thousands of UK businesses.
ISS analyst Gunter Ollman said, "Using easily-available equipment someone could choose their favourite financial director and track that person using cell location information to monitor their voice, SMS and mobile Internet traffic for passwords and bank details."
The problem lies in the Comp 128 encryption algorithm in GSM transmissions. Hackers using a PC and mobile phone can crack Comp 128 within seconds.
They could then emulate a GSM base station to gain access to confidential business information or personal details.
Ollman said that more secure algorithms do exist for GSM but carriers do not use them because they are more costly to implement.
He advises business users to be aware of the potential vulnerabilities of GSM and ensure that sensitive business is not conducted on mobile phones.
Ovum analyst Jeremy Green said, "It used to be only governments who had the computing power to do this - now it is within the reach of individuals.
While I don't believe this is a widespread problem businesses may want to think about securing their mobile communications."