For cities pursuing smart city strategies, whether that involves connected streetlights with sensors or technology at intersections to make them safer and ease traffic congestion, IT leaders have a responsibility to understand how their vendors are securing the solutions they are providing.

IT security teams should be involved in all requests for proposals to ensure there is an audit trail and proper certification that vendors are conducting their own security reviews of components and following industry standards for securing Internet of Things devices…

They should work proactively to understand how their vendors are encrypting data and ensuring there is multifactor authentication for network access control…

Further, security patches and updates for connected devices should not be reliant on the city or town having a valid warranty for those products; they need to be continuous and ongoing…

Additionally, cities should conduct regular audits — quarterly, if possible — to ensure their IoT devices are being patched.