In a letter to Target, Walmart, Best Buy, and Amazon, public interest groups including CFA are asking that these retailers publicly endorse minimum security and privacy guidelines for Internet of Things (IoT) products they sell. These minimum guidelines require all IoT devices to have 1) encrypted communications, 2) security updates, 3) strong passwords, 4) vulnerability management, and 5) privacy practices.