Available in coffee shops, hotels, airport terminals and libraries, public Wi-Fi hot spots have become almost as common as public toilets. There are more than 150,000 wireless LAN hotspots worldwide today, a number that will grow to more than 200,000 by the end of 2008, according to research firm Gartner, and not a moment too soon. The typical small business traveler heeds the call of the office even more often than the call of nature, and Wi-Fi hotspots bring convenient relief.

But there's a downside. Public Wi-Fi hotspots have more in common with public toilets than mere convenience. Some are safer than others. And users who don't employ them cautiously run the risk of catching a virus. (Furthermore, they risk letting intruders gain access to their company data.)

Fortunately, there are several simple ways to mitigate all these risks. For risk management of public toilets, click here. For guidance on how to use public hotspots safely, read on:

Security risks for the Wi-Fi public hotspot user include insufficient encryption, hacking tools such as evil twins, and malware.

Unfortunately, it's pretty common for public hotspots to prioritize ease of use over security. And it's very easy to set up an unsecured wireless network. Simply plug an access point into an electrical outlet and, voila: a hotspot! The problem is that hotspot administrators often don't bother to employ encryption protocols such as 802.11i or WPA (Wi-Fi Protected Access.)

Even if encryption protocols are employed, there are still plenty of tools that bad guys can use to eavesdrop on a user's network session. For example, there's the evil twin -- a wireless access point that disguises itself as a public hotspot for the purpose of stealing network passwords, credit card numbers, and other private data from unsuspecting users.

Furthermore, there's myriad malware out there. Vulnerable laptop computers run the risk of infection by viruses, worms, and spyware, all of which can sabotage a hard drive and render the computer useless. This leads to huge headaches for the road warrior. (Worse, a small business employee with a contaminated computer probably doesn't have the option of calling a 24-hour help desk and having a new computer delivered to the hotel in the morning.)

"Let's say that I'm traveling, and I take leave of my senses and ignore best security practices," says Steve Durst, a research engineer at Skaion, a computer security research, development, and testing company in North Chelmsford, Mass. "If I end up trashing my laptop, then too bad for me. I still have a job to do on the road, and if my job means using my laptop, then I'm seriously behind the eight-ball."

To that end, here are some steps that can be taken to assure safer connections at Wi-Fi hotspots:

Use a firewall and a VPN! "Our primary strategy has been not to depend on Wi-Fi hotspots; instead we've opted for EVDO WAN cards from Verizon and Sprint," says Christopher Bell, president of Shopping Syndicate, a startup company in Los Angeles, which owns Dealhack. "We sacrifice some bandwidth performance, but we've gained a lot more location flexibility and a more predictable security environment. But when we do need to use either public Wi-Fi or some other open networks, like hotel Ethernet, we start with a VPN tunnel back to our facilities and access the 'Net from there."

A virtual private network creates a secure tunnel between the employee's computer and the home office's network. Companies of any size should implement a policy requiring the use of VPN software for any remote access to the company server. Most commercial hotspot providers support VPNs.

"We use remote access for accounting, development, and testing," says Jim O'Riordan, VP of technical services at Summit Data Communications, a wireless technology client hardware startup in Akron, Ohio. "These are all client-server applications that very often contain confidential information that requires special safeguards… VPNs serve a dual-purpose for us. Not only do they provide authenticated access through the firewall, but they also guarantee data privacy over unencrypted wireless LANs."