Recognizesa scam orfake offerNoticesspelling/grammarerrors in asuspicious emailAvoidspublicWi‑Fi forwork tasksLockscomputerwhensteppingawayDeletesunexpectedattachmentsUsesmulti‑factorauthenticationMentions“Thinkbeforeyou click”Knowshow toreport anincidentUsescompany‑approvedcloud storageKnows theorganization’ssecuritypolicies existStoressensitivefilessecurelyShredsdocumentswithpersonal orclient infoIdentifiessuspiciousactivity ontheir account“Thislooks likea phishingattempt”Creates astrongpassphrase(not just apassword)Knows not toplugunknownUSBs intodevicesForwardsunusualemails to thesecurityteamAvoidssendingsensitive infounencryptedRecognizeswhensomeone asksfor too muchinformationValidatespayment orchangerequeststhrough asecond channelHoveringover linksbeforeclickingRecognizesan “urgent”or “act now”red flagFree!Avoids takingphotos/screenshotsof client dataUses onlyapprovedtools forworkReports asuspicioustextmessageIdentifiesa spoofedsendernameRecognizesasuspiciousQR codeDeletes datathey’re nolongerauthorized toretainAvoidsdownloadingunknownapplicationsUpdatessoftwarewhenpromptedUsesapprovedsystems forwork files“If it seemstoo good tobe true, itprobably is”Avoidssharingcredentialswith anyoneDeclines toshareinformationover thephoneVerifiessenderemailaddressReports asuspiciousemailDouble-checksexternalrecipientsbefore sendingCompletesannualsecuritytrainingRecognizesa fake loginpageUses securefile transferinstead ofemailattachmentRecognizesa scam orfake offerNoticesspelling/grammarerrors in asuspicious emailAvoidspublicWi‑Fi forwork tasksLockscomputerwhensteppingawayDeletesunexpectedattachmentsUsesmulti‑factorauthenticationMentions“Thinkbeforeyou click”Knowshow toreport anincidentUsescompany‑approvedcloud storageKnows theorganization’ssecuritypolicies existStoressensitivefilessecurelyShredsdocumentswithpersonal orclient infoIdentifiessuspiciousactivity ontheir account“Thislooks likea phishingattempt”Creates astrongpassphrase(not just apassword)Knows not toplugunknownUSBs intodevicesForwardsunusualemails to thesecurityteamAvoidssendingsensitive infounencryptedRecognizeswhensomeone asksfor too muchinformationValidatespayment orchangerequeststhrough asecond channelHoveringover linksbeforeclickingRecognizesan “urgent”or “act now”red flagFree!Avoids takingphotos/screenshotsof client dataUses onlyapprovedtools forworkReports asuspicioustextmessageIdentifiesa spoofedsendernameRecognizesasuspiciousQR codeDeletes datathey’re nolongerauthorized toretainAvoidsdownloadingunknownapplicationsUpdatessoftwarewhenpromptedUsesapprovedsystems forwork files“If it seemstoo good tobe true, itprobably is”Avoidssharingcredentialswith anyoneDeclines toshareinformationover thephoneVerifiessenderemailaddressReports asuspiciousemailDouble-checksexternalrecipientsbefore sendingCompletesannualsecuritytrainingRecognizesa fake loginpageUses securefile transferinstead ofemailattachment

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Recognizes a scam or fake offer
  2. Notices spelling/grammar errors in a suspicious email
  3. Avoids public Wi‑Fi for work tasks
  4. Locks computer when stepping away
  5. Deletes unexpected attachments
  6. Uses multi‑factor authentication
  7. Mentions “Think before you click”
  8. Knows how to report an incident
  9. Uses company‑approved cloud storage
  10. Knows the organization’s security policies exist
  11. Stores sensitive files securely
  12. Shreds documents with personal or client info
  13. Identifies suspicious activity on their account
  14. “This looks like a phishing attempt”
  15. Creates a strong passphrase (not just a password)
  16. Knows not to plug unknown USBs into devices
  17. Forwards unusual emails to the security team
  18. Avoids sending sensitive info unencrypted
  19. Recognizes when someone asks for too much information
  20. Validates payment or change requests through a second channel
  21. Hovering over links before clicking
  22. Recognizes an “urgent” or “act now” red flag
  23. Free!
  24. Avoids taking photos/screenshots of client data
  25. Uses only approved tools for work
  26. Reports a suspicious text message
  27. Identifies a spoofed sender name
  28. Recognizes a suspicious QR code
  29. Deletes data they’re no longer authorized to retain
  30. Avoids downloading unknown applications
  31. Updates software when prompted
  32. Uses approved systems for work files
  33. “If it seems too good to be true, it probably is”
  34. Avoids sharing credentials with anyone
  35. Declines to share information over the phone
  36. Verifies sender email address
  37. Reports a suspicious email
  38. Double-checks external recipients before sending
  39. Completes annual security training
  40. Recognizes a fake login page
  41. Uses secure file transfer instead of email attachment