locate the port. block it for outside your network.
even the simplest DSL router/modem allows you to see what devices are on the net. many can show the ports in use. more sophisticated commercial equipment has more sophisticated tracking.
if the security system/fridge/DongleFromHell is always using port 666, don't let that go outside.
if you always want to check remotely from your smartphone what is going on, that doesn't work. if the device you are thinking about does not have good user-managed security, don't buy it.
if the vendors don't make that information availiable, don't buy it.
if there are hardcoded factory access items you can't disable, don't buy it.
(short version) don't buy iotThingies. they are wide freaking open.