"The average person buys it because they say, ’Hey, I can run my computers off of one network’" and one Internet connection, says Johnson, former CIO of the Army’s Program Executive Office of Enterprise Information Systems in Fort Belvoir, Va. "The technology is great. It’s inexpensive. But this technology that’s being sold for a couple hundred dollars doesn’t come with a big red sticker that says, ’Warning, this is really insecure.’"

Welcome to the dark side of a technology that’s actually cheap and easy to use. Whether or not CIOs like it, wireless local area network (WLAN) devices are being carried two-by-two into home and corporate offices by employees who see ads like those and don’t know that the security of the devices is flawed. By Gartner’s estimates, one in five companies has a wireless LAN that the CIO doesn’t know about, and 60 percent of WLANs don’t have the most basic security functions turned on. Meanwhile, airports and Starbucks coffee shops are pushing wireless access, and a growing number of neighborhood associations and even just neighbors are offering public Internet access?grassroots-style?by installing wireless transmitters. All the user has to do is plug in a cheap network card, log on and start surfing.

"It’s just so cool," gushes Gartner’s John Pescatore, describing a recent conference where Cisco Systems gave every attendee a wireless network card?and left the security up to individuals. People e-mailed Pescatore questions during a speech rather than raising their hands. Maybe they turned off file-sharing in their operating systems and used a virtual private network to secure their laptops. Maybe they didn’t. But they ate up the technology like jelly rolls at break time.

"It’s not the IT shops leading the way," says Pescatore, who works from Gartner headquarters in Stamford, Conn. "It’s the users." But (and you saw this coming, right?), it’s the IT shops that ultimately must lead the way to better security.

Look, Ma! No Privacy!

What are these WLANs that everyone is talking about? Governed by the 802.11 set of standards created by the Institute of Electronic and Electrical Engineers (IEEE) in New York City, WLANs transmit data not by wires but by radio waves, in frequencies that don’t require a license (2.4GHz and 5GHz). Setting up a WLAN is a little like plugging a cordless phone base into the telephone jack in a home office, then placing several cordless phones around your house to share that one jack. In WLAN parlance, the base is called an access point (and costs from $200 to $1,000), and the receiver is a wireless network card (which costs as little as $70). The end result is just plain neat. (Look, Ma! No cords!) But the signal can also be picked up by a neighbor using nothing more than a similar $100 wireless network card.