They may be just passing your office, computer bag slung over one shoulder or they may be sitting in a car outside, casually tapping away at a laptop. They look like innocent passers-by. In fact, they are stealing your corporate secrets.

Drive-by hacking is the trendy term given to the practice of breaking into wireless computer networks from outside the buildings that house them. As more organisations turn to wireless networks - more convenient and sometimes cheaper than conventional wired networks - to share computer data among employees, they are putting themselves at greater risk of inadvertently sharing it with outsiders too.

A recent study in Britain sponsored by RSA Data Security, found that two-thirds of organisations with wireless networks were risking their data in this way. Security experts patrolled several streets in the City of London seeking evidence of wireless networks in operation.

Of 124 that they identified, 83 were sending data without encrypting them. Such data could readily be picked up by a passer-by armed only with a portable computer, a wireless modem and a few pieces of software that can be freely downloaded from the internet.

The data could include sensitive company documents containing valuable information. Or they could be email identities and passwords that could be used by hackers to log into corporate networks as if they were legitimate users.

Most companies using wireless networking technology do not take even the simplest of precautions to protect their data. Nearly all wireless network technology comes with some basic security features that need only to be activated in order to give a minimum level of security, for example, by encrypting the data being passed over the network.

"It's incredible but companies don't even bother to switch it on," says Mr Tim Pickard, senior vice-president at RSA.

Mr Raymond Kruck, business development manager at Check Point Software, a security technology specialist, believes this could be partly a psychological problem. People see the solid walls of their buildings as bulwarks and forget that wireless networks can extend up to 200 metres beyond physical walls. "They think they are securely behind the perimeter but actually their data can be very easily picked up [outside]," he says.

But are they really having their data stolen by corporate spies? Although security companies have a vested interest in talking up the likelihood of hacking attacks, they claim that many companies secretly admit to having been hacked. Mr Kruck says he knows of three US companies that have recently suffered serious attacks on wireless networks from disgruntled employees or ex-employees. In each case, sensitive company data were stolen, including emails revealing details of the company's business strategies. The companies in question will not permit themselves to be identified.

Even if the threat is overblown, it seems foolish to give hackers or disgruntled employees the chance to tap into corporate networks. Moreover, failing to secure networks properly could place organisations in breach of laws demanding that anyone holding personal data for commercial reasons must take care of that data properly.

Britain's deputy information commissioner, Mr Phil Jones, believes companies could be in breach of the Data Protection Act if they fail to implement basic security technology. "Companies processing personal data need to have an appropriate level of security in place [because] people have a right to expect that their personal details are being properly looked after by those to whom they entrust them," he says.

Appropriate levels of security are difficult to define narrowly. It depends on the nature of the data being held, according to Mr Jones.

Companies without any security at all on their wireless networks make it risibly easy for hackers to break in. Switching on the security that comes with the network technology should be automatic. Then there are other basic steps a company can take, says Mr Kruck, such as changing the passwords on the network from the default setting [which may be just "password" - something any self-respecting hacker would try as a matter of course].

Companies can also install firewalls, which form a barrier between the internal network and the public internet. They should also check their computer records regularly to spot any abnormal activity, which might betray the presence of a hacker.

Some people, of course, may not want to protect their networks at all.

On the opposite side of the coin from the organisations that could be leaving their data open to hackers are the US teenagers who install wireless networks in their houses so their friends and neighbours can "drop in" electronically.

Mr Daniel Strickland, the teenage founder of an internet file-sharing company called Filefreedom, reports that this is a growing trend among young Web surfers in the US, particularly college students.

"People think it's really cool that everyone can share the networks," he says.

It smacks of the kind of freewheeling non-commercial attitude that characterised the early days of the internet.

For companies, though, the threat of drive-by hacking seems set to grow as software programs assisting hackers proliferate on the internet, encouraging amateurs to try them out.

More companies will make themselves vulnerable, predicts Mr Kruck, as they seek to cut costs in the downturn by using wireless technology.

Wireless networks are more flexible than fixed ones, and therefore easier to install in leased accommodation, and can be cheaper to use.

Perhaps most threatening of all, as companies announce redundancies, there will be many more disgruntled employees ready to work out their grudges technologically.