Major companies are calling for wireless product manufacturers to improve security standards and say vendors should not expect users to take on the burden.

International user group the Jericho Forum says one of its highest priorities is to draw up a set of wireless security requirements for suppliers.

IT security officers at last week's Infosecurity Europe conference in London told Computing that wireless manufacturers should design out security flaws before launching products, rather than push the responsibility onto customers.

'We have our own wireless security policies and standards, but unfortunately we have to use add-on technologies before deploying wireless,' said David Lacey, director of information security at Royal Mail.

'This is because the current out-of-the-box software doesn't provide sufficient security.'

Lacey says that the Jericho Forum, which he chairs, plans to create a white paper outlining corporate requirements.

Simon Norbury, head of IT at Westminster City Council, which uses wireless networks across London's capital to aid council inspectors in their job, has also called for an improvement in security standards.

'The wireless network is an extension of our council network onto the streets,' said Norbury.

'If, at any point, the public felt our wireless networks were insecure, then we could no longer have the confidence to move the use of this technology forward.'

BT, Cisco and Intel also announced that they are teaming up to educate businesses and users on how to prevent hacking into wireless networks.

The manufacturers have issued security guidelines and have agreed to support wireless security standards, including IEEE 802.11i and version two of WiFi Protected Access.

But Andy Goodman, information risk management head of projects at Barclays Capital, says wireless security practices need to be automated if security breaches are to be avoided.

Digital rights management technologies can also help protect sensitive data through encryption, he says.

'To make mobile security work a lot more fluidly, we need to stop relying on the user to do the right thing. For the end user it's a bundle of arcane rituals.' he said. 'The user is flawed, and doesn't understand security.'

What do you think? Email feedback@computing.co.uk

If you want to be first with the news, visit Computing every day.