I work in a Cybersecurity organization. Last week we discovered that many IP addresses for VoIP phones and "Internet of Things" (or IoT) devices like IP cameras where trying to contact forbidden IPs out in the internet. For regular computers the remediation for this would have been to conduct a Complete Virus Scan, or a re-imaging of the affected device.

Not so simple for IP phones or other IoT devices such as IP cameras. We had come to a heated discussion about these in a meeting as their had been no standardized process to remediate these.

What has been your experience in your companies, organization, or from professional education as to what the best practice is in remediating IoT (or non-PC) devices.

Thanks in advance for your opinion.