Double-checksexternalrecipientsbefore sendingCreates astrongpassphrase(not just apassword)CompletesannualsecuritytrainingIdentifiessuspiciousactivity ontheir accountIdentifiesa spoofedsendernameKnows theorganization’ssecuritypolicies existRecognizesa scam orfake offerHoveringover linksbeforeclickingLockscomputerwhensteppingawayRecognizesasuspiciousQR codeAvoids takingphotos/screenshotsof client dataAvoidspublicWi‑Fi forwork tasksStoressensitivefilessecurelyKnows not toplugunknownUSBs intodevicesUsesmulti‑factorauthenticationForwardsunusualemails to thesecurityteamValidatespayment orchangerequeststhrough asecond channelUsesapprovedsystems forwork filesFree!Usescompany‑approvedcloud storageUses securefile transferinstead ofemailattachmentUpdatessoftwarewhenpromptedReports asuspiciousemailVerifiessenderemailaddress“If it seemstoo good tobe true, itprobably is”Deletes datathey’re nolongerauthorized toretainRecognizesan “urgent”or “act now”red flagNoticesspelling/grammarerrors in asuspicious emailAvoidssharingcredentialswith anyoneAvoidsdownloadingunknownapplicationsAvoidssendingsensitive infounencryptedDeletesunexpectedattachmentsRecognizesa fake loginpageRecognizeswhensomeone asksfor too muchinformationUses onlyapprovedtools forwork“Thislooks likea phishingattempt”Mentions“Thinkbeforeyou click”Knowshow toreport anincidentReports asuspicioustextmessageShredsdocumentswithpersonal orclient infoDeclines toshareinformationover thephoneDouble-checksexternalrecipientsbefore sendingCreates astrongpassphrase(not just apassword)CompletesannualsecuritytrainingIdentifiessuspiciousactivity ontheir accountIdentifiesa spoofedsendernameKnows theorganization’ssecuritypolicies existRecognizesa scam orfake offerHoveringover linksbeforeclickingLockscomputerwhensteppingawayRecognizesasuspiciousQR codeAvoids takingphotos/screenshotsof client dataAvoidspublicWi‑Fi forwork tasksStoressensitivefilessecurelyKnows not toplugunknownUSBs intodevicesUsesmulti‑factorauthenticationForwardsunusualemails to thesecurityteamValidatespayment orchangerequeststhrough asecond channelUsesapprovedsystems forwork filesFree!Usescompany‑approvedcloud storageUses securefile transferinstead ofemailattachmentUpdatessoftwarewhenpromptedReports asuspiciousemailVerifiessenderemailaddress“If it seemstoo good tobe true, itprobably is”Deletes datathey’re nolongerauthorized toretainRecognizesan “urgent”or “act now”red flagNoticesspelling/grammarerrors in asuspicious emailAvoidssharingcredentialswith anyoneAvoidsdownloadingunknownapplicationsAvoidssendingsensitive infounencryptedDeletesunexpectedattachmentsRecognizesa fake loginpageRecognizeswhensomeone asksfor too muchinformationUses onlyapprovedtools forwork“Thislooks likea phishingattempt”Mentions“Thinkbeforeyou click”Knowshow toreport anincidentReports asuspicioustextmessageShredsdocumentswithpersonal orclient infoDeclines toshareinformationover thephone

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Double-checks external recipients before sending
  2. Creates a strong passphrase (not just a password)
  3. Completes annual security training
  4. Identifies suspicious activity on their account
  5. Identifies a spoofed sender name
  6. Knows the organization’s security policies exist
  7. Recognizes a scam or fake offer
  8. Hovering over links before clicking
  9. Locks computer when stepping away
  10. Recognizes a suspicious QR code
  11. Avoids taking photos/screenshots of client data
  12. Avoids public Wi‑Fi for work tasks
  13. Stores sensitive files securely
  14. Knows not to plug unknown USBs into devices
  15. Uses multi‑factor authentication
  16. Forwards unusual emails to the security team
  17. Validates payment or change requests through a second channel
  18. Uses approved systems for work files
  19. Free!
  20. Uses company‑approved cloud storage
  21. Uses secure file transfer instead of email attachment
  22. Updates software when prompted
  23. Reports a suspicious email
  24. Verifies sender email address
  25. “If it seems too good to be true, it probably is”
  26. Deletes data they’re no longer authorized to retain
  27. Recognizes an “urgent” or “act now” red flag
  28. Notices spelling/grammar errors in a suspicious email
  29. Avoids sharing credentials with anyone
  30. Avoids downloading unknown applications
  31. Avoids sending sensitive info unencrypted
  32. Deletes unexpected attachments
  33. Recognizes a fake login page
  34. Recognizes when someone asks for too much information
  35. Uses only approved tools for work
  36. “This looks like a phishing attempt”
  37. Mentions “Think before you click”
  38. Knows how to report an incident
  39. Reports a suspicious text message
  40. Shreds documents with personal or client info
  41. Declines to share information over the phone