
General Security Awareness - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull items from the bag.


  1. Knows how to report an incident
  2. Mentions “Think before you click”
  3. Updating software when prompted
  4. No documented incident response plan
  5. Someone’s connection freezes mid‑sentence
  6. Firewall rule allows “ANY/ANY” traffic
  7. Avoids taking photos/screenshots of client data
  8. Declines to share information over the phone
  9. Using secure file transfer instead of email
  10. Avoids public Wi‑Fi for work tasks
  11. Multi-factor authentication (MFA) enabled
  12. Stores sensitive files securely
  13. Pet appears on camera
  14. “Sorry, I was on another call.”
  15. Strong passphrase used (not just complex password)
  16. Employee uses the “Report Phish” button
  17. Validates payment or change requests through a second channel
  18. Uses multi‑factor authentication
  19. Someone mentions “Zero trust.”
  20. “This looks like a phishing attempt”
  21. Sensitive data sent via unencrypted email
  22. Reports a suspicious text message
  23. Uses only approved tools for work
  24. “We’ll accept the risk” (without documentation 😉)
  25. Hovering over links before clicking
  26. Slide with a lot of tiny text
  27. Recognizes a suspicious QR code
  28. Deletes data they’re no longer authorized to retain
  29. Recognizes a fake login page
  30. Missing evidence for an audit test
  31. Saying “If it seems too good to be true, it probably is”
  32. Knows not to plug unknown USBs into devices
  33. “Shadow IT” app found
  34. Uses secure file transfer instead of email attachment
  35. High-risk vendor flagged
  36. Double-checks external recipients before sending
  37. Avoids sending sensitive info unencrypted
  38. Attending a security awareness training session
  39. Notices spelling/grammar errors in a suspicious email
  40. Reporting a lost or stolen device
  41. Creates a strong passphrase (not just a password)
  42. Unpatched system identified
  43. Identifies suspicious activity on their account
  44. Computer screen locked when away
  45. Double-checking an external email recipient
  46. “You’re on mute.”
  47. Excessive permissions (over‑privileged access)
  48. Default password still in use
  49. Knows the organization’s security policies exist
  50. Completes annual security training
  51. Shared credentials discovered
  52. Verifying a payment/change request via phone
  53. Updates software when prompted
  54. Someone says “Let’s take that offline.”
  55. Locks computer when stepping away
  56. Deletes unexpected attachments
  57. Recognizes an “urgent” or “act now” red flag
  58. Someone mentions “AI” or “Copilot.”
  59. Public link sharing disabled on a file
  60. Verifies sender email address
  61. Avoids sharing credentials with anyone
  62. Uses approved systems for work files
  63. Recognizes a scam or fake offer
  64. Uses company‑approved cloud storage
  65. USB stick plugged into a corporate laptop
  66. Reports a suspicious email
  67. Recognizes when someone asks for too much information
  68. Missing BAA for a PHI‑handling vendor
  69. Identifies a spoofed sender name
  70. Quarterly access review completed
  71. Vendor without recent SOC 2 report
  72. Data not classified correctly
  73. Suspicious login alert
  74. Free!
  75. Phishing email reported
  76. Someone says, “That’s a great question.”
  77. Avoids downloading unknown applications
  78. “Can you see my screen?”
  79. Shreds documents with personal or client info
  80. “If it seems too good to be true, it probably is”
  81. Forwards unusual emails to the security team