The FBI also recommends changing factory-set (default) passwords and not allowing an IoT device’s accompanying mobile app to gain access to too many smartphone permissions.
https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/