Is anyone taking precaution to prevent hackers from connecting to your IOT projects? If so, how? I read that even commercially available devices are susceptible to attacks rendering the device useless.
I know we should make the pass strong and have a good firewall but, most trojans get in into our system through online free code/script/library 
I think in reality, the biggest risk for IOT connected devices is that they use external servers to give the remote access. Whether it’s Eweliynk for the Sonoff devices, or some small-ish setup to give you an app to control your air conditioning, CCTV camera or whatever.
If these servers go down then you loose the control, but in a “cyber war” scenario then he bad guys could turn on all your electrical devices at the same time, and probably knock out most of the power grid in one go.
You could argue that Blynk has the same vulnerability, but with three (or maybe more) servers worldwide then the vulnerability is reduced and we can be fairly certain that nobody has State control over them.
Of course, local server eliminates that issue.
As far as viruses and other vulnerabilities are concerned, I’m not currently aware of any viruses that can infect ESP/Arduino type devices, but there was a vulnerability identified in one of the older ESP cores that was subsequently fixed.
Pete.