- HTTPs… everywhere. Make a goal for no unencrypted traffic for anything. It’s a good step one.
- Research the best practices for each project to the best of your ability. Here are a few papers targeting different aspects of the problems, sadly, none targeted at the hobbyist. (I’ll keep looking.)
- Managing Users’ Rights Responsibly – A Guide for Early-Stage Companies
- OWASP – The Ten Most Critical Web Application Security Risks 2017
- SANS – Building the New Network Security Architecture for the Future
- GSMA – IoT Security Guidelines Overview, and Assessment (hilariously, a .docx)
- O’rielly Checklists
The research never stops. That’s why we have sweeps!