Double-checksexternalrecipientsbefore sendingShredsdocumentswithpersonal orclient infoUses securefile transferinstead ofemailattachmentStoressensitivefilessecurelyKnows not toplugunknownUSBs intodevicesDeletes datathey’re nolongerauthorized toretainCompletesannualsecuritytraining“Thislooks likea phishingattempt”AvoidspublicWi‑Fi forwork tasksKnowshow toreport anincidentFree!Recognizesa scam orfake offerUsescompany‑approvedcloud storageHoveringover linksbeforeclickingDeclines toshareinformationover thephoneAvoidssharingcredentialswith anyoneAvoidssendingsensitive infounencryptedLockscomputerwhensteppingawayRecognizesasuspiciousQR codeUsesmulti‑factorauthentication“If it seemstoo good tobe true, itprobably is”Validatespayment orchangerequeststhrough asecond channelRecognizesan “urgent”or “act now”red flagIdentifiesa spoofedsendernameVerifiessenderemailaddressReports asuspicioustextmessageKnows theorganization’ssecuritypolicies existUpdatessoftwarewhenpromptedUses onlyapprovedtools forworkNoticesspelling/grammarerrors in asuspicious emailReports asuspiciousemailIdentifiessuspiciousactivity ontheir accountAvoidsdownloadingunknownapplicationsUsesapprovedsystems forwork filesAvoids takingphotos/screenshotsof client dataRecognizesa fake loginpageCreates astrongpassphrase(not just apassword)DeletesunexpectedattachmentsMentions“Thinkbeforeyou click”Forwardsunusualemails to thesecurityteamRecognizeswhensomeone asksfor too muchinformationDouble-checksexternalrecipientsbefore sendingShredsdocumentswithpersonal orclient infoUses securefile transferinstead ofemailattachmentStoressensitivefilessecurelyKnows not toplugunknownUSBs intodevicesDeletes datathey’re nolongerauthorized toretainCompletesannualsecuritytraining“Thislooks likea phishingattempt”AvoidspublicWi‑Fi forwork tasksKnowshow toreport anincidentFree!Recognizesa scam orfake offerUsescompany‑approvedcloud storageHoveringover linksbeforeclickingDeclines toshareinformationover thephoneAvoidssharingcredentialswith anyoneAvoidssendingsensitive infounencryptedLockscomputerwhensteppingawayRecognizesasuspiciousQR codeUsesmulti‑factorauthentication“If it seemstoo good tobe true, itprobably is”Validatespayment orchangerequeststhrough asecond channelRecognizesan “urgent”or “act now”red flagIdentifiesa spoofedsendernameVerifiessenderemailaddressReports asuspicioustextmessageKnows theorganization’ssecuritypolicies existUpdatessoftwarewhenpromptedUses onlyapprovedtools forworkNoticesspelling/grammarerrors in asuspicious emailReports asuspiciousemailIdentifiessuspiciousactivity ontheir accountAvoidsdownloadingunknownapplicationsUsesapprovedsystems forwork filesAvoids takingphotos/screenshotsof client dataRecognizesa fake loginpageCreates astrongpassphrase(not just apassword)DeletesunexpectedattachmentsMentions“Thinkbeforeyou click”Forwardsunusualemails to thesecurityteamRecognizeswhensomeone asksfor too muchinformation

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Double-checks external recipients before sending
  2. Shreds documents with personal or client info
  3. Uses secure file transfer instead of email attachment
  4. Stores sensitive files securely
  5. Knows not to plug unknown USBs into devices
  6. Deletes data they’re no longer authorized to retain
  7. Completes annual security training
  8. “This looks like a phishing attempt”
  9. Avoids public Wi‑Fi for work tasks
  10. Knows how to report an incident
  11. Free!
  12. Recognizes a scam or fake offer
  13. Uses company‑approved cloud storage
  14. Hovering over links before clicking
  15. Declines to share information over the phone
  16. Avoids sharing credentials with anyone
  17. Avoids sending sensitive info unencrypted
  18. Locks computer when stepping away
  19. Recognizes a suspicious QR code
  20. Uses multi‑factor authentication
  21. “If it seems too good to be true, it probably is”
  22. Validates payment or change requests through a second channel
  23. Recognizes an “urgent” or “act now” red flag
  24. Identifies a spoofed sender name
  25. Verifies sender email address
  26. Reports a suspicious text message
  27. Knows the organization’s security policies exist
  28. Updates software when prompted
  29. Uses only approved tools for work
  30. Notices spelling/grammar errors in a suspicious email
  31. Reports a suspicious email
  32. Identifies suspicious activity on their account
  33. Avoids downloading unknown applications
  34. Uses approved systems for work files
  35. Avoids taking photos/screenshots of client data
  36. Recognizes a fake login page
  37. Creates a strong passphrase (not just a password)
  38. Deletes unexpected attachments
  39. Mentions “Think before you click”
  40. Forwards unusual emails to the security team
  41. Recognizes when someone asks for too much information