Strengthening cybersecurity in a government department by addressing password management challenges and human factor vulnerabilities

At a Glance

Metadata	Details
Publication Date	2025-07-14
Journal	Discover Computing
Authors	Matipa Ricky Ngandu, Gardner Mwansa, Ziyanda Mkabe
Institutions	Walter Sisulu University
Analysis	Full AI Review Included

Executive Summary

• Core Challenge: The study identified significant human factor vulnerabilities and poor password management practices within a South African district health department, threatening cybersecurity resilience and operational efficiency.
• Key Behavioral Risks: 60% of users reuse passwords across multiple accounts, and 50% admit to sharing passwords. A concerning 20% of respondents reported never changing their passwords.
• Organizational Gaps: Management structure is fragmented; 22% of respondents reported decentralized password policy management, and 58% indicated no designated personnel oversee password security.
• Operational Impact: Unclear role assignment and accountability structures significantly correlate with increased operational delays caused by password reset processes (Fisher-Freeman-Halton Exact p=0.003).
• Trust and Security Perception: A statistically significant positive correlation (Spearman’s rho = 0.416, p=0.003) links perceived security of reset mechanisms with confidence in overall data protection.
• Recommendations: Implement centralized oversight, mandate Multi-Factor Authentication (MFA), and deploy enhanced, role-specific digital literacy training to address behavioral shortcomings.
• Framework: Analysis was guided by the Human Factor Diamond (HFD) model, linking individual behavior, organizational environment, management, and preparedness to cybersecurity outcomes.

Technical Specifications

Parameter	Value	Unit	Context
Sample Size (N)	50	Respondents	Single district health department
Survey Reliability	0.816	Cronbach’s Alpha	Good internal consistency of instrument
Password Reuse Rate	60%	Percent	Users not employing unique passwords (Fig. 6)
Password Sharing Rate	50%	Percent	Users who have shared credentials (Fig. 8)
Never Change Password Rate	20%	Percent	Users who never update passwords (Fig. 5)
Insecure Storage Rate	40%	Percent	Users relying on memory (40%) or writing passwords down (26%) (Fig. 7)
Operational Delay Incidence	24%	Percent	Respondents reporting delays due to resets (Fig. 9)
Perceived Vulnerability (Lack of Security)	54%	Percent	Primary vulnerability identified by respondents (Fig. 25)
Correlation (Security vs. Trust)	0.416	Spearman’s rho	Significant positive correlation (p=0.003)
Management Structure	22%	Percent	Password management reported as decentralized (Fig. 14)
Accountability Clarity	58%	Percent	Respondents reporting no designated personnel for oversight (Fig. 15)
Association (Delays vs. Responsibility)	0.003	Exact p-value	Statistically significant association (Table 4)

Key Methodologies

1. Research Design: Quantitative study utilizing a structured survey instrument (28 items) with a mix of multiple-choice and 5-point Likert scale questions.
2. Sampling Strategy: Stratified random sampling (N=50) was used to ensure representation across key employee categories: IT staff (14), System Administrators (7), and Healthcare Professionals (29).
3. Analytical Framework: The Human Factor Diamond (HFD) model was applied to categorize and analyze findings related to Management, Environment, Individual behavior, and Preparedness.
4. Data Collection Period: Conducted between 25^th November 2024 and 10^th December 2024, distributed via internal departmental mailing lists.
5. Statistical Analysis: Descriptive statistics (frequency distributions, cross-tabulations) were used to identify trends. Inferential analysis included Spearman’s rank correlation, Pearson Chi-Square test, and Fisher-Freeman-Halton Exact Test.
6. Instrument Validation: Reliability was confirmed via Cronbach’s Alpha (0.816), indicating good internal consistency among the survey items.

Commercial Applications

The findings necessitate robust security interventions applicable across several sectors, particularly those handling sensitive data:

• Healthcare Information Systems:
  • Mandatory integration of Multi-Factor Authentication (MFA) and Single Sign-On (SSO) into Electronic Health Records (EHR) and telemedicine platforms to mitigate risks associated with password reuse and sharing.
  • Development of secure, user-friendly password reset mechanisms, potentially leveraging AI-supported systems to reduce time consumption and reliance on human support.
• Public Sector and Government IT:
  • Implementation of centralized Identity and Access Management (IAM) policies to replace decentralized management structures (22% reported decentralized management).
  • Establishment of clear accountability frameworks, including access logs and user verification checkpoints, to embed password security responsibilities into managerial functions.
• Cybersecurity Training and Consulting:
  • Provision of targeted digital literacy and security awareness training programs, focusing specifically on high-risk behaviors (password sharing, insecure storage) identified in the study.
  • Consulting services to audit and streamline password reset procedures, addressing the 36% of respondents who found the current process time-consuming.
• Biometric and Password-less Authentication:
  • Exploration and deployment of advanced authentication methods (e.g., biometric authentication) to reduce dependency on conventional password-based systems and minimize human error (cited as a vulnerability by 32% of respondents).

View Original Abstract

Abstract This study investigates password management challenges and human factor vulnerabilities within a South African district health department using a quantitative approach with 50 respondents. Descriptive and inferential statistics were employed, guided by the Human Factor Diamond (HFD) model as an analytical lens. Results highlight poor password hygiene, with 60% of users reusing passwords and 20% never updating them. Significant associations were found between operational delays and unclear role assignment (p <.001), while a positive correlation (ρ =.416, p =.003) linked perceived system security with data protection confidence. Inconsistent training and decentralised policy enforcement exacerbate cybersecurity risks. While nearly half of the respondents rated current reset mechanisms as effective, many expressed the need for clearer guidance, stronger safeguards, and improved support. Human factors, including digital literacy, preparedness, and role clarity, emerged as central barriers to effective password management. The study recommends centralised oversight, enhanced training, and secure, user-friendly technologies such as multi-factor authentication and AI-supported reset systems.

Tech Support

Related Applications

Our scientists have selected these diamond solutions based on the research abstract.

Recommended

Boron Doped Single Crystal Diamond Plate

View Specs →

Recommended

Single Crystal Cvd Diamond Plate

View Specs →

Recommended

Customized Single Crystal Cvd Diamond Plate

View Specs →

Can’t find what you need? Explore our full catalog of Diamond Materials

Original Source

• DOI: https://doi.org/10.1007/s10791-025-09659-2

---

Reads Similar to This

Pursuing many-body dynamics of NV centers in diamond The Role of Self-Corrosion during the Dissolution of Galvanically Coupled Magnesium Biophotonic low-coherence sensors with boron-doped diamond thin layer

← Older Paper Sustainable Photovoltaic-Powered Series Electrochemical Reactors Using Nonactive Electrocatalytic Materials for Electro-Refinery in Organics and Energy Production Newer Paper → Textile with diamond weave for heat insulation