IoT security breaches are expected to reach an all-time high. It’s important to differentiate between indirect attacks, using IoT devices to conduct cyberattacks against another target, and direct attacks, where the end goal is to compromise and access the IoT device itself. With direct attacks, the goal is access to the IoT device – and by extension the sensors, machines, and environment that the device is connected to. As such, this type has the potential to be even more disruptive and destructive. Criminals, terrorists, and malicious foreign governments may use connected devices to cause havoc or harm. Seven principles can serve as guideposts to enable stronger IoT security.