While connecting to corporate email is one of the most common uses of wireless networks, very few users do so securely through a virtual private network (VPN) or use any form of encryption, a report has found.

In a study of 523 users at a US wireless conference last week, only three per cent of corporate email downloads were conducted through the secure tunnel of a VPN.

"Without a secure connection to an enterprise email account, a wireless station exposes the email account name and password to anyone passively sniffing the wireless local area network traffic," said Richard Rushing, vice president of technical services at consultant Air Defence, which conducted the study.

But even more alarming was the finding that users failed to alter the default settings for open SSIDs, which automatically connect a wireless device to the access point with the strongest signal strength.

These stations have no control over which networks they connect to, and could easily be duped into communicating with malicious hosts, Air Defence said.