Unique passwords for each device, some form of auto-updating so the OS and any webservers don't get too old and making sure the developers know about the OWASP Top 10 should go a long way to making the devices secure.

Anything else would be dependent on what the device is for and how it does it.