Re: Mitigation against ransomware:
May as well add prohibit any internal software development, or workers with even the slightest disability (or just not being a generic cog), since you are going to end up prohibiting them from getting any work done.
Rules like "20. Ban the use of USB devices" lead to policies requiring a doctor's note (and custom computer that doesn't have the USB ports epoxied) to use a trackball or vaguely ergonomic keyboard for carpal tunnel problems.