There are multiple things you can to reduce the exposure of your wireless network. For each of the points below there is workarounds, if someone really wants onto your wireless network, they'll get in, it's that simple, all you can do is try and reduce the possibility or impact.

Disable SSID broadcast, and change the SSID from the default setting. This means that your wireless network won't advertise it's presence, and if someone is using a sniffer that is aware of the default SSID’s for certain boxes...it just might not see yours. Make the SSID as long a your wireless box will permit, not all wireless cards support all lengths of SSID!

Enable MAC address filtering, and add only the Mac address of your wireless card to it. This stops traffic from other users, again it's possible to change the MAC address of a card within Windows XP, but someone would have to capture a little traffic first.

Turn off DHCP; this limits the likelihood of someone being handed out a valid IP on your LAN.

Use WEP, WPA, EAP, LEAP, 802.11x or whatever else your wireless box supports. Make the keys as long a your wireless box will permit, not all wireless cards can support all lengths of key!

If the wireless box supports Open or Shared Authentication, use Open. Shared Auth uses a challenge/response from memory, whereas Open lets someone throw authentication requests all day long with no response.

Install a software firewall on every computer, so that at least if someone does get on, they can't do damage to your local kit.

Alternatively, totally bolt down your wireless using a Watchguard Soho 6 firewall and buy the VPNForce option. Run your wireless connections over VPN

Try not to get this paranoid:

http://www.securityfocus.com/columnists/320