The Security by Design review is suggesting a range of steps for manufacturers, service providers and developers to follow. These include unique passwords on all new devices and ensuring these cannot be reset to a factory default like "admin", giving users and security experts a public point of contact so vulnerabilities can be quickly reported and dealt with, and encryption of data sent over apps and products.
Other proposals included automatic and detailed updates, the ability for consumers to easily delete data from devices, and making it easier to install and maintain devices.
It is estimated every UK household contains at least 10 connected devices and this will increase to 15 by 2020, the equivalent of more than 420 million across the country.
The UK government said it had worked with manufacturers, retailers and the country's National Cyber Security Centre on the review. It said it wanted security to be embedded at the design stage, rather than bolted onto existing products.
A forthcoming Code of Practice will require a greater focus on improving security, as well as encouraging innovation in new products and services.
A proposed labelling scheme will make consumers aware of a product's features at the point of purchase.
Mark Hughes, CEO of BT Security, said: "BT is actively involved in driving standards, interoperability and security across the IoT market and will continue to provide guidance to the Government and industry around best practice for securing internet connected devices.”
Julian David, CEO of industry body Tech UK, added: "It is important that the IoT market now matures in a sensible and productive way, with security embedded at the design stage.
"This project is the start of that maturity. Industry has been keen to engage in the review and demonstrate what is best practice.
"It is important that companies throughout the supply chain now adopt and build on this Code of Practice to build the trust required to drive widespread take-up of the IoT.”
Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.