The explosion of Wi-Fi networks both in businesses and in public hotspots is needlessly exposing businesses and individual users to security risks because proper precautions aren't taken, according to research released Thursday by RSA Security.

The report, which studied wireless networks in major U.S. and European cities, found that more than one-third of businesses with wireless networks are susceptible to intrusion from unwanted sources.

The report was prepared for RSA by netSurity. "For a potential hacker, it is almost a case of walking down the street and trying all the doors until one opens--it is almost inevitable that one will," said John Worrall, vice president of the RSA's worldwide marketing, in a statement. "Our research shows that wireless networks in Europe's financial capitals, alone, are growing at an annual rate of up to 66 percent, and more than one-third of businesses remain unprotected from this type of attack."

In its survey, netSurity researchers roamed the streets of New York, San Francisco, London, and Frankfurt with laptops and free software downloaded from the Internet. The researchers found 38 percent of networks in New York to be unprotected; in San Francisco, 35 percent; London, 36 percent; and Frankfurt, 34 percent. "This means," the report stated, "that wireless-network access points could still be broadcasting valuable information that could be used by potential hackers and assist them in launching an attack."

RSA spokesman Matt Buckley said the annual survey found that 802.11g is the dominant Wi-Fi model. "It's jumped ahead," he said in an interview. "It's about two-thirds of the [Wi-Fi] market now. We thought 80211.a would move forward, but it hasn't."

Buckley said security issues differ for business users and for public hotspot users primarily because business networks are meant to serve only authorized users, while public networks are open to all. He noted that many businesses failed to reconfigure Wi-Fi default settings configured by the device manufacturers. "You should change the default settings to something unique," he said.

Business networks should be set up to require users to authenticate themselves before they can gain access to the networks, Buckley said, noting that business VPNs often require authentication.

Another measure that should be taken by business network administrators concerns encryption. Many sites don't encrypt their traffic, Buckley noted. The encryption problem may be at least partially solved by introducing recently-approved 802.11i hardware that automatically encrypts traffic.