After another year of researchers at Black Hat and Defcon placing web-connected devices through the wringer, a ray of sunshine may have emerged shortly after the shows ended regarding the future of Internet of Things (IoT) security.

Spurred on by the Mirai DDoS attack of last October, the Senate in the United States introduced legislation that would institute new security requirements for makers of IoT products that sell to the U.S. government. In addition, the proposed measure expands legal protections for ethical hackers tinkering with these devices. Indeed, the bill seems like a meaningful step toward wrangling in what poses one of the fastest-growing security risks.

But organizations deploying IoT devices cannot solely rely on their manufacturers to keep them safeguarded. In the video above, Jeff Kitson, a Trustwave SpiderLabs security researcher, discusses how a failing furnace during a Michigan winter flung him smack into the world of smart device hacking and prescribes common sense advice for companies wanting to jump on board the IoT bandwagon.