Apply Network Segmentation and Network Isolation

A lot of the devices on your network require connectivity to the internet, but also internal services. Isolate all internet connected devices from corporate resources using separate network segments when possible.

Apply access control lists or firewall rules to only allow the connections strictly necessary to either the internal resources or the public internet.