The Operating System of which the IoT application / online account is accessed must remain up-to-date to prevent cyber criminals from harnessing vulnerabilities that enable remote access and control over the IoT device.
Default settings are not always applied with security in mind. Take time to enable security settings as applicable and disable all that offer no benefit to the business or usability of the device.
Where possible, enable 2SV to add an extra layer of security to the application / online account.
When a smart device serves no purpose to the business, immediately disconnect it from the network.
Many IoT products are produced with a default password either commonly used or easily obtainable online. Use strong passwords for a truly robust security solution.
Change the default administrator credentials for the router settings (accessible online) and also change the issued Wi-Fi password. Ensure to use WPA2 encryption to disguise the network from immediate view.
This will monitor and block any unauthorised connections to the network.
Any compromise of an IoT device will remain quarantined within the network of which it is connected, keeping the business network secure.
As with all software, IoT needs updating to receive security fixes for vulnerabilities. Enable automatic updates to be applied automatically, to never miss the latest update release.