- Factory resets must return the device to a secure default.
- No hardcoded default passwords.
- Secure storage of sensitive data.
- Data must be stored and transmitted securely.
- Secure software updates to patch security issues.
- Secure development process.
- Known vulnerabilities must be identified, disclosed, and mitigated.
- Keep all devices patched with the latest security updates after appropriate testing.
- Change the default password for accounts and devices.
- Use strong, complex passwords and multi-factor authentication (MFA) wherever possible, choosing authentication apps or hardware tokens over SMS text-based codes.
- Read more about IoT devices and best practices in the IoT Device Security and Privacy NJCCIC product.
