"You Just Assume It Is In There, I Guess": UK Families' Application And Knowledge Of Smart Home Cyber Security

The Internet of Things (IoT) is increasingly present in many family homes, yet it is unclear precisely how well families understand the cyber security threats and risks of using such devices, and how possible it is for them to educate themselves on these topics. Using a survey of 553 parents and interviews with 25 families in the UK, we find that families do not consider home IoT devices to be significantly different in terms of threats than more traditional home computers, and believe the major risks to be largely mitigated through consumer protection regulation. As a result, parents focus on teaching being careful with devices to prolong device life use, exposing their families to additional security risks and modeling incorrect security behaviors to their children. This is a risk for the present and also one for the future, as children are not taught about the IoT, and appropriate cyber security management of such devices, at school. We go on to suggest that steps must be taken by manufacturers and governments or appropriate trusted institutions to improve the cyber security knowledge and behaviors of both adults and children in relation to the use of home IoT devices.