Recognizesa scam orfake offerKnows theorganization’ssecuritypolicies existValidatespayment orchangerequeststhrough asecond channelRecognizesan “urgent”or “act now”red flagUsesapprovedsystems forwork filesShredsdocumentswithpersonal orclient infoRecognizeswhensomeone asksfor too muchinformationAvoidsdownloadingunknownapplicationsForwardsunusualemails to thesecurityteamUpdatessoftwarewhenpromptedAvoidssharingcredentialswith anyoneUses onlyapprovedtools forworkRecognizesa fake loginpageNoticesspelling/grammarerrors in asuspicious emailCompletesannualsecuritytrainingLockscomputerwhensteppingawayReports asuspicioustextmessageVerifiessenderemailaddressDeletesunexpectedattachmentsCreates astrongpassphrase(not just apassword)AvoidspublicWi‑Fi forwork tasksAvoidssendingsensitive infounencryptedAvoids takingphotos/screenshotsof client dataUsescompany‑approvedcloud storage“If it seemstoo good tobe true, itprobably is”Deletes datathey’re nolongerauthorized toretainKnowshow toreport anincidentStoressensitivefilessecurelyDouble-checksexternalrecipientsbefore sendingHoveringover linksbeforeclickingUsesmulti‑factorauthenticationRecognizesasuspiciousQR codeFree!Knows not toplugunknownUSBs intodevicesReports asuspiciousemailIdentifiessuspiciousactivity ontheir account“Thislooks likea phishingattempt”Identifiesa spoofedsendernameUses securefile transferinstead ofemailattachmentMentions“Thinkbeforeyou click”Declines toshareinformationover thephoneRecognizesa scam orfake offerKnows theorganization’ssecuritypolicies existValidatespayment orchangerequeststhrough asecond channelRecognizesan “urgent”or “act now”red flagUsesapprovedsystems forwork filesShredsdocumentswithpersonal orclient infoRecognizeswhensomeone asksfor too muchinformationAvoidsdownloadingunknownapplicationsForwardsunusualemails to thesecurityteamUpdatessoftwarewhenpromptedAvoidssharingcredentialswith anyoneUses onlyapprovedtools forworkRecognizesa fake loginpageNoticesspelling/grammarerrors in asuspicious emailCompletesannualsecuritytrainingLockscomputerwhensteppingawayReports asuspicioustextmessageVerifiessenderemailaddressDeletesunexpectedattachmentsCreates astrongpassphrase(not just apassword)AvoidspublicWi‑Fi forwork tasksAvoidssendingsensitive infounencryptedAvoids takingphotos/screenshotsof client dataUsescompany‑approvedcloud storage“If it seemstoo good tobe true, itprobably is”Deletes datathey’re nolongerauthorized toretainKnowshow toreport anincidentStoressensitivefilessecurelyDouble-checksexternalrecipientsbefore sendingHoveringover linksbeforeclickingUsesmulti‑factorauthenticationRecognizesasuspiciousQR codeFree!Knows not toplugunknownUSBs intodevicesReports asuspiciousemailIdentifiessuspiciousactivity ontheir account“Thislooks likea phishingattempt”Identifiesa spoofedsendernameUses securefile transferinstead ofemailattachmentMentions“Thinkbeforeyou click”Declines toshareinformationover thephone

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Recognizes a scam or fake offer
  2. Knows the organization’s security policies exist
  3. Validates payment or change requests through a second channel
  4. Recognizes an “urgent” or “act now” red flag
  5. Uses approved systems for work files
  6. Shreds documents with personal or client info
  7. Recognizes when someone asks for too much information
  8. Avoids downloading unknown applications
  9. Forwards unusual emails to the security team
  10. Updates software when prompted
  11. Avoids sharing credentials with anyone
  12. Uses only approved tools for work
  13. Recognizes a fake login page
  14. Notices spelling/grammar errors in a suspicious email
  15. Completes annual security training
  16. Locks computer when stepping away
  17. Reports a suspicious text message
  18. Verifies sender email address
  19. Deletes unexpected attachments
  20. Creates a strong passphrase (not just a password)
  21. Avoids public Wi‑Fi for work tasks
  22. Avoids sending sensitive info unencrypted
  23. Avoids taking photos/screenshots of client data
  24. Uses company‑approved cloud storage
  25. “If it seems too good to be true, it probably is”
  26. Deletes data they’re no longer authorized to retain
  27. Knows how to report an incident
  28. Stores sensitive files securely
  29. Double-checks external recipients before sending
  30. Hovering over links before clicking
  31. Uses multi‑factor authentication
  32. Recognizes a suspicious QR code
  33. Free!
  34. Knows not to plug unknown USBs into devices
  35. Reports a suspicious email
  36. Identifies suspicious activity on their account
  37. “This looks like a phishing attempt”
  38. Identifies a spoofed sender name
  39. Uses secure file transfer instead of email attachment
  40. Mentions “Think before you click”
  41. Declines to share information over the phone