Recognizeswhensomeone asksfor too muchinformationLockscomputerwhensteppingawayUsescompany‑approvedcloud storageShredsdocumentswithpersonal orclient infoAvoids takingphotos/screenshotsof client dataKnows theorganization’ssecuritypolicies existForwardsunusualemails to thesecurityteamUsesapprovedsystems forwork filesStoressensitivefilessecurelyVerifiessenderemailaddressKnowshow toreport anincident“If it seemstoo good tobe true, itprobably is”Double-checksexternalrecipientsbefore sending“Thislooks likea phishingattempt”Recognizesa fake loginpageAvoidspublicWi‑Fi forwork tasksDeclines toshareinformationover thephoneHoveringover linksbeforeclickingFree!UpdatessoftwarewhenpromptedAvoidssendingsensitive infounencryptedRecognizesa scam orfake offerCreates astrongpassphrase(not just apassword)Identifiessuspiciousactivity ontheir accountUses securefile transferinstead ofemailattachmentReports asuspicioustextmessageIdentifiesa spoofedsendernameAvoidssharingcredentialswith anyoneDeletesunexpectedattachmentsNoticesspelling/grammarerrors in asuspicious emailRecognizesasuspiciousQR codeKnows not toplugunknownUSBs intodevicesUsesmulti‑factorauthenticationDeletes datathey’re nolongerauthorized toretainUses onlyapprovedtools forworkAvoidsdownloadingunknownapplicationsCompletesannualsecuritytrainingValidatespayment orchangerequeststhrough asecond channelReports asuspiciousemailMentions“Thinkbeforeyou click”Recognizesan “urgent”or “act now”red flagRecognizeswhensomeone asksfor too muchinformationLockscomputerwhensteppingawayUsescompany‑approvedcloud storageShredsdocumentswithpersonal orclient infoAvoids takingphotos/screenshotsof client dataKnows theorganization’ssecuritypolicies existForwardsunusualemails to thesecurityteamUsesapprovedsystems forwork filesStoressensitivefilessecurelyVerifiessenderemailaddressKnowshow toreport anincident“If it seemstoo good tobe true, itprobably is”Double-checksexternalrecipientsbefore sending“Thislooks likea phishingattempt”Recognizesa fake loginpageAvoidspublicWi‑Fi forwork tasksDeclines toshareinformationover thephoneHoveringover linksbeforeclickingFree!UpdatessoftwarewhenpromptedAvoidssendingsensitive infounencryptedRecognizesa scam orfake offerCreates astrongpassphrase(not just apassword)Identifiessuspiciousactivity ontheir accountUses securefile transferinstead ofemailattachmentReports asuspicioustextmessageIdentifiesa spoofedsendernameAvoidssharingcredentialswith anyoneDeletesunexpectedattachmentsNoticesspelling/grammarerrors in asuspicious emailRecognizesasuspiciousQR codeKnows not toplugunknownUSBs intodevicesUsesmulti‑factorauthenticationDeletes datathey’re nolongerauthorized toretainUses onlyapprovedtools forworkAvoidsdownloadingunknownapplicationsCompletesannualsecuritytrainingValidatespayment orchangerequeststhrough asecond channelReports asuspiciousemailMentions“Thinkbeforeyou click”Recognizesan “urgent”or “act now”red flag

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Recognizes when someone asks for too much information
  2. Locks computer when stepping away
  3. Uses company‑approved cloud storage
  4. Shreds documents with personal or client info
  5. Avoids taking photos/screenshots of client data
  6. Knows the organization’s security policies exist
  7. Forwards unusual emails to the security team
  8. Uses approved systems for work files
  9. Stores sensitive files securely
  10. Verifies sender email address
  11. Knows how to report an incident
  12. “If it seems too good to be true, it probably is”
  13. Double-checks external recipients before sending
  14. “This looks like a phishing attempt”
  15. Recognizes a fake login page
  16. Avoids public Wi‑Fi for work tasks
  17. Declines to share information over the phone
  18. Hovering over links before clicking
  19. Free!
  20. Updates software when prompted
  21. Avoids sending sensitive info unencrypted
  22. Recognizes a scam or fake offer
  23. Creates a strong passphrase (not just a password)
  24. Identifies suspicious activity on their account
  25. Uses secure file transfer instead of email attachment
  26. Reports a suspicious text message
  27. Identifies a spoofed sender name
  28. Avoids sharing credentials with anyone
  29. Deletes unexpected attachments
  30. Notices spelling/grammar errors in a suspicious email
  31. Recognizes a suspicious QR code
  32. Knows not to plug unknown USBs into devices
  33. Uses multi‑factor authentication
  34. Deletes data they’re no longer authorized to retain
  35. Uses only approved tools for work
  36. Avoids downloading unknown applications
  37. Completes annual security training
  38. Validates payment or change requests through a second channel
  39. Reports a suspicious email
  40. Mentions “Think before you click”
  41. Recognizes an “urgent” or “act now” red flag