Wireless technology is fast becoming a ubiquitous business tool. Advances in technology and the rollout of broadband are both responsible, as is the growing number of parents working remotely from home thanks to flexible working regulations which came into force last year.

The DTI predicts that between 2002 and 2005, the number of home workers in the UK will increase by 26 per cent to 8.2 million.

In the future, they will be served by the converged mobile technology market, which is expected to grow by more than 800 per cent in worldwide shipments by 2007, according to researcher IDC.

But the big issue with remote working is not just pleasing staff. What keeps IT managers awake at night, when considering and deploying remote working technology, is security.

So what are the key dangers for remote working? And what can companies do to combat them?

Viruses
The number one security threat is still viruses, not so much because they trash systems but because they overwhelm them.

Only this month, new variants of the Bagel, MyDoom and Netsky viruses flooded the internet as rival virus writers sought to out-do one another. Remote workers are particularly vulnerable to computer virus infection.

"Detached from their 'mothership' network, remote workers' computers are often not up-to-date with the latest antivirus software and product security patches," explained Graham Cluley, senior technology consultant for antivirus specialist Sophos.

"You should treat remote users as though they are on your network, because if their systems become infected, they could pass this on to customers, which could be very damaging for the business."

Few viruses have been found on PDAs and mobile phones, but it is only a matter of time before they become uniform and prove irresistible to virus writers.

Hackers
Amazingly, one in six remote PCs has no protection against hackers. This is a loophole that hackers are increasingly exploiting to gain back-door access to corporate networks, according to a recent NCC Group survey.

A growing number of hackers are looking to profit from the shadowy world of spyware, or 'spookware', which aids commercial espionage. Spyware is software that gathers data covertly, including keystrokes and passwords, and then sends it off to a company's competitor.

An investment broker recently lost more than £22,700 after installing what he thought was a market analysis program, but which turned out to be spyware which was transmitting his account login details to hackers.

Instant messaging and other peer-to-peer programs also carry risks to information confidentiality because they use an open port.

Product vulnerabilities
Remote systems are especially vulnerable to weaknesses in internet-exposed software. Many products have embedded vulnerabilities and default configurations that simply invite attackers, according to analyst Gartner.

Vendors are making security patches available quickly, but they are not always passed on from corporate networks to remote computers soon enough, because hackers can exploit system vulnerabilities within hours.

"Software vendors must invest more in developing and delivering less vulnerable products," said Gartner information security specialist Richard Stiennon.

People
Staff in many companies are their own worst enemy when it comes to remote computer security. Corporate laptops are used in public places, regardless of potential wireless hotspots and the amount of confidential information on show. Notebooks also get left on trains, stolen from the back seats of cars, and corrupted by children.

Home PCs are often used for work purposes even though they may offer inadequate protection against viruses and hackers, and are not secured for the purposes of data protection.

Passwords are nearly always written down and are easily cracked. Moreover, one-third of users don't use any password on their mobile devices, even though they tend to store highly-confidential company and personal information on them, including all their other passwords, Pins and bank details, according to research by Infosecurity and secure software specialist Pointsec Mobile Technologies.

Solutions
Every remote security threat calls for some kind of unique counter-measure. These include:

Managers need to take responsibility for IT security away from end users, and manage and deploy it centrally to avoid staff circumnavigating security measures.

In addition, users should build in key "security guards" at the network periphery, according to Adrian Horne, ThinkVantage technologies specialist in IBM's European personal computing division.

To protect data held remotely, companies require specific end user identity and password verification, and encryption and decryption technology. Where password policies are failing, they ought to consider using biometric identification technologies.

Pointsec offers PicturePIN access control, which consists of a series of pictures chosen by the end user from a randomly displayed larger gallery. To access encrypted information, the user simply points out the pictures corresponding to his or her story.

Further security measures include locking the operating system, using a password-disabled screensaver when taking a screen break in a public place, and always using a standards-based virtual private network to transport data.

Overall, effective security for remote working requires an integrated, multi-layered and determined approach, not least because the attack of choice among internet vandals is increasingly 'blended threats' - more complex worms and viruses such as Nimda, Code Red and Slammer.

These often exploit several different flaws to increase the chance of infecting a computer system. The incidence of such attacks was 20 per cent higher in the first half of 2003 than in the previous six months, according to research by internet security specialist Symantec.

In response, more and more vendors are collaborating to offer integrated internet security solutions. For example, Symantec plans to offer integrated antivirus software, firewall technology, updating services and centralised over-the-air management for Nokia's mobile devices.

Securing remote working is easy on paper, but much harder to achieve in practice. Ultimately, it can only be successful if remote workers and office-based managers fully understand and appreciate the nature and impact of potential security threats, and work together to combat them.

CASE STUDY Surrey Police

At Surrey Police, catching computer viruses is as much of a priority as catching villains. The force's electronic systems store a large amount of highly-sensitive data, including statistics collated for the Home Office, criminal records, and administrative information such as payroll data.

Surrey Police has 350 remote end users, working on laptops or from home via desktop machines. Up-to-date virus protection is extremely important for these staff, who need to record confidential information such as crime reports, statements from witnesses or the results of forensic tests.

After trying various antivirus products on an ad hoc basis, none of which were effective enough, Surrey Police decided to implement a force-wide antivirus strategy. Today, Sophos' antivirus package protects 1,500 laptops and desktops, and more than 120 servers across 50 sites throughout Surrey.

The technology is compatible with Surrey Police's NT 4 operating systems, and proved very stable when tested on the force's systems. It also downloads and deploys antivirus updates automatically when CID and Scene of Crime officers log on to the force's network.

Surrey Police also uses a third-party email gateway product, MailMarshal, which integrates with Sophos SAV Interface.

This seamless integration provides the MailMarshal product with a high-speed channel into Sophos' virus engine, allowing all known virus types to be detected and stopped at the gateway.

"The best thing for us about the solution is that it keeps our systems virus-free and running 24 hours a day," said Surrey Police infrastructure manager Phil Humphries. "On average, Sophos is stopping 20 to 30 infected emails at the gateway every day."