This bingo card has 81 words: Multi-factor authentication (MFA) enabled, Phishing email reported, Suspicious login alert, Unpatched system identified, Shared credentials discovered, “Shadow IT” app found, Vendor without recent SOC 2 report, Missing BAA for a PHI‑handling vendor, Free!, High-risk vendor flagged, Excessive permissions (over‑privileged access), Public link sharing disabled on a file, Default password still in use, Quarterly access review completed, No documented incident response plan, Data not classified correctly, Missing evidence for an audit test, USB stick plugged into a corporate laptop, Sensitive data sent via unencrypted email, Firewall rule allows “ANY/ANY” traffic, “We’ll accept the risk” (without documentation 😉), Computer screen locked when away, Strong passphrase used (not just complex password), Employee uses the “Report Phish” button, Double-checking an external email recipient, Using secure file transfer instead of email, Verifying a payment/change request via phone, Reporting a lost or stolen device, Attending a security awareness training session, Updating software when prompted, Saying “If it seems too good to be true, it probably is”, “You’re on mute.”, “Can you see my screen?”, Pet appears on camera, Someone says “Let’s take that offline.”, Someone mentions “Zero trust.”, Someone mentions “AI” or “Copilot.”, “Sorry, I was on another call.”, Someone’s connection freezes mid‑sentence, Slide with a lot of tiny text, Someone says, “That’s a great question.”, Uses multi‑factor authentication, Creates a strong passphrase (not just a password), Locks computer when stepping away, Reports a suspicious email, Verifies sender email address, Double-checks external recipients before sending, Uses secure file transfer instead of email attachment, Deletes unexpected attachments, Updates software when prompted, Avoids downloading unknown applications, Hovering over links before clicking, “This looks like a phishing attempt”, Recognizes a fake login page, Reports a suspicious text message, Declines to share information over the phone, Notices spelling/grammar errors in a suspicious email, Recognizes an “urgent” or “act now” red flag, Identifies a spoofed sender name, Recognizes a suspicious QR code, Validates payment or change requests through a second channel, Avoids sending sensitive info unencrypted, Stores sensitive files securely, Uses approved systems for work files, Avoids public Wi‑Fi for work tasks, Shreds documents with personal or client info, Avoids taking photos/screenshots of client data, Deletes data they’re no longer authorized to retain, Uses company‑approved cloud storage, “If it seems too good to be true, it probably is”, Recognizes a scam or fake offer, Mentions “Think before you click”, Knows how to report an incident, Completes annual security training, Knows not to plug unknown USBs into devices, Uses only approved tools for work, Recognizes when someone asks for too much information, Forwards unusual emails to the security team, Avoids sharing credentials with anyone, Knows the organization’s security policies exist and Identifies suspicious activity on their account.
General Security Awareness | Cybersecurity Superhero BINGO! | Privacy Awareness Week | Cybersecurity Bingo | Cybersecurity BINGO!
Share this URL with your players:
For more control of your online game, create a clone of this card first.
Learn how to conduct a bingo game.
With players vying for a you'll have to call about __ items before someone wins. There's a __% chance that a lucky player would win after calling __ items.
Tip: If you want your game to last longer (on average), add more unique words/images to it.
