This document debunks common myths about Internet of Things (IoT) security. It discusses that IoT devices pose unique security challenges due to their large numbers, limited control and heterogeneity. Common myths addressed include that devices must be servers, VPNs alone can ensure security, and that any one protocol is inherently more secure. The document recommends translating typical security practices to the IoT context, including physical security of devices, secure network configurations, and using devices as clients to authenticated cloud services rather than standalone servers.