Put the onus for security on the manufacturers rather than the users
"If your camera comes with a default password, change it to a secure one" => Require all IoTat devices to not have a default password, rather one that the user has to enter before it can be used. And reject any easily-hackable passwords.
"Keep your camera secure by regularly updating security software" => Require all IoTat devices to update themselves automatically and make manufacturers financially liable for security breaches in the way that they would be liable if a the device electrocuted someone.
"If you do not use the feature that lets you remotely access the camera from the internet, it is recommended you disable it" => Require all IoTat devices to have this feature switched off and only allow it to be enabled if a strong password has been assigned by the user (and maybe mandate 2FA as well).