Unique passwords for each device, some form of auto-updating so the OS and any webservers don't get too old and making sure the developers know about the OWASP Top 10 should go a long way to making the devices secure.
Anything else would be dependent on what the device is for and how it does it.
Anything else would be dependent on what the device is for and how it does it.