Free!Hoveringover linksbeforeclickingRecognizesan “urgent”or “act now”red flagMentions“Thinkbeforeyou click”Noticesspelling/grammarerrors in asuspicious emailAvoids takingphotos/screenshotsof client dataIdentifiesa spoofedsendernameAvoidssendingsensitive infounencryptedCreates astrongpassphrase(not just apassword)UpdatessoftwarewhenpromptedForwardsunusualemails to thesecurityteam“Thislooks likea phishingattempt”Usesapprovedsystems forwork filesDeletes datathey’re nolongerauthorized toretainDouble-checksexternalrecipientsbefore sendingRecognizeswhensomeone asksfor too muchinformationAvoidsdownloadingunknownapplicationsKnowshow toreport anincidentShredsdocumentswithpersonal orclient infoAvoidssharingcredentialswith anyoneRecognizesasuspiciousQR code“If it seemstoo good tobe true, itprobably is”CompletesannualsecuritytrainingRecognizesa fake loginpageLockscomputerwhensteppingawayDeclines toshareinformationover thephoneDeletesunexpectedattachmentsUsesmulti‑factorauthenticationKnows not toplugunknownUSBs intodevicesUsescompany‑approvedcloud storageIdentifiessuspiciousactivity ontheir accountReports asuspiciousemailKnows theorganization’ssecuritypolicies existVerifiessenderemailaddressReports asuspicioustextmessageUses onlyapprovedtools forworkRecognizesa scam orfake offerStoressensitivefilessecurelyAvoidspublicWi‑Fi forwork tasksUses securefile transferinstead ofemailattachmentValidatespayment orchangerequeststhrough asecond channelFree!Hoveringover linksbeforeclickingRecognizesan “urgent”or “act now”red flagMentions“Thinkbeforeyou click”Noticesspelling/grammarerrors in asuspicious emailAvoids takingphotos/screenshotsof client dataIdentifiesa spoofedsendernameAvoidssendingsensitive infounencryptedCreates astrongpassphrase(not just apassword)UpdatessoftwarewhenpromptedForwardsunusualemails to thesecurityteam“Thislooks likea phishingattempt”Usesapprovedsystems forwork filesDeletes datathey’re nolongerauthorized toretainDouble-checksexternalrecipientsbefore sendingRecognizeswhensomeone asksfor too muchinformationAvoidsdownloadingunknownapplicationsKnowshow toreport anincidentShredsdocumentswithpersonal orclient infoAvoidssharingcredentialswith anyoneRecognizesasuspiciousQR code“If it seemstoo good tobe true, itprobably is”CompletesannualsecuritytrainingRecognizesa fake loginpageLockscomputerwhensteppingawayDeclines toshareinformationover thephoneDeletesunexpectedattachmentsUsesmulti‑factorauthenticationKnows not toplugunknownUSBs intodevicesUsescompany‑approvedcloud storageIdentifiessuspiciousactivity ontheir accountReports asuspiciousemailKnows theorganization’ssecuritypolicies existVerifiessenderemailaddressReports asuspicioustextmessageUses onlyapprovedtools forworkRecognizesa scam orfake offerStoressensitivefilessecurelyAvoidspublicWi‑Fi forwork tasksUses securefile transferinstead ofemailattachmentValidatespayment orchangerequeststhrough asecond channel

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Free!
  2. Hovering over links before clicking
  3. Recognizes an “urgent” or “act now” red flag
  4. Mentions “Think before you click”
  5. Notices spelling/grammar errors in a suspicious email
  6. Avoids taking photos/screenshots of client data
  7. Identifies a spoofed sender name
  8. Avoids sending sensitive info unencrypted
  9. Creates a strong passphrase (not just a password)
  10. Updates software when prompted
  11. Forwards unusual emails to the security team
  12. “This looks like a phishing attempt”
  13. Uses approved systems for work files
  14. Deletes data they’re no longer authorized to retain
  15. Double-checks external recipients before sending
  16. Recognizes when someone asks for too much information
  17. Avoids downloading unknown applications
  18. Knows how to report an incident
  19. Shreds documents with personal or client info
  20. Avoids sharing credentials with anyone
  21. Recognizes a suspicious QR code
  22. “If it seems too good to be true, it probably is”
  23. Completes annual security training
  24. Recognizes a fake login page
  25. Locks computer when stepping away
  26. Declines to share information over the phone
  27. Deletes unexpected attachments
  28. Uses multi‑factor authentication
  29. Knows not to plug unknown USBs into devices
  30. Uses company‑approved cloud storage
  31. Identifies suspicious activity on their account
  32. Reports a suspicious email
  33. Knows the organization’s security policies exist
  34. Verifies sender email address
  35. Reports a suspicious text message
  36. Uses only approved tools for work
  37. Recognizes a scam or fake offer
  38. Stores sensitive files securely
  39. Avoids public Wi‑Fi for work tasks
  40. Uses secure file transfer instead of email attachment
  41. Validates payment or change requests through a second channel