Actually you can do more like: Secure Communication(VPN) , Endpoint Security(EDR), Continuous Monitoring and Anomaly Detection(AI/ML-Base Treat detection), Data Security(Data minimization and security), Device Lifecycle Management(Decommissioning) and Vendor Management(Reputable vednors)

From my experience in hospitality and tech, I’ve learned that IoT security isn’t just about technology—it’s about trust. When I led IoT projects to optimize hotel operations, we prioritized: Building security from the start—encryption, secure access, and regular updates. Isolating devices on segmented networks to contain vulnerabilities. Real-time monitoring to catch issues before they escalate. It’s not just about protecting data—it’s about safeguarding user confidence.

Keen on improving security practices in all the aspects which includes End User Device Security by MDM, PAM. Focus on the remediation of the vulnerabilities identified in the application and infra components.

Securing IoT devices during digital transformation requires a multi-layered approach. I prioritize implementing multi-factor authentication (MFA) for robust access control. Regular firmware updates are essential to patch vulnerabilities and stay ahead of threats. Additionally, I use network segmentation to isolate IoT devices, limiting the potential impact of breaches. By combining these strategies, we ensure IoT security aligns with our transformation goals, protecting both the network and organizational integrity.

There is no universal solution i.e one size fits all in cybersecurity. Begin by setting up an Information Security Management System (ISMS). This involves identifying your information assets, conducting a risk assessment, implementing controls to mitigate those risks, and regularly monitoring and improving your system. Controls might include technical controls like MFA, network segmentation, administrative controls such as policies, or others fitted to your resources and risk appetite. Additionally, establishing an ISMS can pave the way for ISO 27001 certification, enhancing your company’s competitive edge!

I would give a broader strategic initiatives in conduct detailed threat modeling to understand how IoT devices could be exploited and the potential impact on business processes. Next, is to inventorise the IoT devices, create network segmentation or micro-segmentation using Zero Trust principles. Important to also leverage SIEM or IoT-specific monitoring tools to detect anomalies in device behavior.

ZTNA, end-to-end workload protection, posture management, and compliance will also help you understand your position in IoT security. Failure to meet compliance will automatically lower your score.

- For a long term strategy, it is imperative that besides all technical mechanisms implemented, people that use those devices are trained to work focused on "safety first", and to recognize situations where they can contribute to maintain security. It is important that they understand how the company values GRC and what are the policies about Devices Usage. We need users engajament over the time in order to have success in safeguarding assets.