Apply Network Segmentation and Network Isolation

Internet Connected Devices often require connectivity to the Internet, but also to internal services. Isolate all Internet Connected Devices from corporate resources in separate network segments when possible.

Apply access control lists or firewall rules to allow only the connections that are strictly necessary, both to internal resources and to the public Internet.
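One way to check a segment's rule set against this guidance, as an added example that is not part of the original text: a first-match, default-deny evaluator plus an audit that flags allow rules from the device segment that reach more than one host or any port. The addresses, ports, rule format and function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing for illustration (assumptions, not from the page).
IOT = ip.ip_network("10.20.0.0/24")    # isolated device segment
CORP = ip.ip_network("10.0.0.0/16")    # corporate resources

# (action, src, dst, proto, dport); dport None means any port. First match wins.
RULES = [
    ("allow", "10.20.0.0/24", "10.0.5.10/32", "tcp", 8883),     # one internal broker
    ("allow", "10.20.0.0/24", "203.0.113.10/32", "tcp", 443),   # one vendor endpoint
    ("allow", "10.20.0.0/24", "10.0.0.0/16", "tcp", None),      # too broad
]

def decide(rules, src, dst, proto, dport):
    """First-match evaluation; any flow no rule matches is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in rules:
        if (s in ip.ip_network(rsrc) and d in ip.ip_network(rdst)
                and proto == rproto and rport in (None, dport)):
            return action
    return "deny"

def audit(rules):
    """List allow rules sourced from the IoT segment that reach more than
    one host or leave the port open."""
    findings = []
    for index, (action, rsrc, rdst, _proto, rport) in enumerate(rules):
        if action != "allow" or not ip.ip_network(rsrc).overlaps(IOT):
            continue
        dst_net = ip.ip_network(rdst)
        if dst_net.num_addresses > 1 or rport is None:
            side = "corporate" if dst_net.overlaps(CORP) else "internet"
            findings.append((index, side, rdst, rport))
    return findings

if __name__ == "__main__":
    print(audit(RULES))
    print(decide(RULES[:2], "10.20.0.7", "10.0.9.9", "tcp", 445))
```

Removing the flagged third rule leaves the two required flows allowed and every other destination denied by default.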