The first paper arising from research in the Families and IoT project has been published. "When Googling it doesn't work: The challenge of finding security advice for smart home devices" will be presented at the 15th International Symposium on Human Aspects of Information Security and Assurance (HAISA) on 7 July 2021.
In addition to this, the findings of this research will be presented at The 2021 Impact Conference on 23 July 2021, and as part of the poster session at Seventeenth Symposium on Usable Privacy and Security (SOUPS) on 9 August 2021.
The paper, which arose in part as a result of talking with families over the summer of 2020, looked at what might happen when an individual uses generic terms to search for cyber security information related to home IoT devices.
In particular, it found that advice was vague, and difficult to understand how users might apply this information in their personal situation. The pages that provided advice failed to explain why such advice might be helpful, or what people might be guarding against.
The recommendations in the paper call on device manufacturers in particular to make setting up the basics of device security simple, and periodic throughout a device's life. We also think that users should be presented, at the time of initial set up, with examples of user setups (a single person living alone; a family with small children; a family with adult children; a family with frequent external visitors, for example), and recommended settings to improve cyber security for all those who may use the device.
You can watch the presentation from HAISA on YouTube.