Here\u2019s a handy list of tips that can help you avoid the most common mistakes that business IT pros make when bringing IoT devices onto enterprise networks.\nThe Online Trust Alliance\u2019s new list lays out 10 suggestions for using IoT tech in the enterprise without making the enterprise more vulnerable to security threats. The list centers on awareness and minimizing access to less-secure devices. Having a strong understanding of what devices are actually on the network, what they\u2019re allowed to do, and how secure they are at the outset is key to a successful IoT security strategy.\n[ For more on IoT see tips for securing IoT on your network, our list of the most powerful internet of things companies and learn about the industrial internet of things. | Get regularly scheduled insights by signing up for Network World newsletters. ]\nHere's the list:\n\nEvery password on every device should be updated from the default, and any device that has an unchangeable default password shouldn\u2019t be used at all. Permissions need to be as minimal as possible to allow devices to function.\nDo your homework \u2013 everything that goes on your network, as well as any associated back-end or cloud services that work with it, needs to be carefully researched before it\u2019s put into production.\nIt\u2019s a good idea to have a separate network, behind a firewall and under careful monitoring, for IoT devices whenever possible. This helps keep potentially insecure devices away from core networks and resources.\nDon\u2019t use features you don\u2019t need \u2013 the OTA gives the example of a smart TV used for display only, which means you can definitely deactivate its microphone and even its connectivity.\nLook for the physical compromise \u2013 anything with a hardware \u201cfactory reset\u201d switch, open port or default password is vulnerable.\nGizmos that connect automatically to open Wi-Fi networks are a bad idea. Make sure they don\u2019t do that.\nIf you can\u2019t block all incoming traffic to your IoT devices, make sure that there aren\u2019t open software ports that a malefactor could use to control them.\nEncryption is a great thing. If there\u2019s any way you can get your IoT devices to send and receive their data using encryption, do it.\nUpdates are also a good and great thing \u2013 whether you\u2019ve got to manually check every month or your devices update on their own, make sure they\u2019re getting patches. Don\u2019t use equipment that can\u2019t get updates.\nUnderlining the above, don\u2019t use products that are no longer supported by their manufacturers or that can no longer be secured.\n\n\n\n\n\n\nThe Online Trust Alliance was founded as a loosely confederated industry group in 2005, mostly as a response to email-based security threats and spam. The group\u2019s aims have evolved substantially since then, to encompass a much wider range of technologies, including IoT. After becoming a recognized 501(c)3 organization in 2012, the OTA was absorbed by the larger Internet Society, and became a subordinate arm of that group as of October 2017.