IT departments should put pressure on suppliers to step up the security of wireless access technology devices.
This will enable the technology to take off in the corporate world, delegates at the Infosecurity Europe conference will hear next week.
John Meakin, group head of security at Standard Chartered Bank, said that until suppliers began offering wireless devices that were secure "out of the box", businesses would remain cautious about rolling out the technology.
"Wireless networking is so fundamental to the way we will use IT in the future, it is a must-have. The wireless industry needs to go through the same conversion on the road to Damascus with security that Microsoft went through," he said.
Meakin said that it was "absolutely essential" for suppliers to produce equipment that has security switched on by default. He said it was also crucial that technologies be easy to configure even by non-specialist staff.
Phil Cracknell, UK president of the Information Systems Security Association and director of technology assurance at Deloitte, said that large firms with the technical skills to configure wireless networks securely were frequently left exposed because they left some purchasing decisions to be made locally.
"I have had two or three clients that have suffered from problems. Where temporary offices need to be set up, non-experts can often buy and install items like an access box," he said.
Equipment may also lose its secure configuration when there is a problem and revert back to an insecure default state, he warned.
Suppliers needed to be more helpful by delivering technology that was secure by default so that if anything happened it would automatically default to its secure status, he said.
Wireless networks were often the weakest point in an organisation's IT systems, Cracknell said. "If I were attacking an organisation, I would not try social engineering or paying a cleaner to insert a memory stick. It is much easier to sit outside the office in a car," he said.
Comment on this article: firstname.lastname@example.org
David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security
Stuart King’s risk management blog
Dealing with the operational challenges of information security and risk management