This is all well and good and indeed I agree entirely that attitudes and good processes are essential.
But Windows does have an atrocious track record in security, and whilst there is now some ransomware out there which attacks Linux, the majority by a very long shot targets only Windows, which in itself makes it a poor choice of OS in my view. (I caveat this that if everyone switched to something else I'm sure the crims would then target the next most popular OS.)
No OS is perfect, but M$ has historically been very late to the security hardening party. Plus, at one end they're patching vulnerabilities like there's no tomorrow, whilst at the other end they're putting out a constant stream of Swiss cheese applications and technologies, often using their world domination to push them to everyone, and creating vast new attack surfaces.
Windows has no place in the server market IMO and M$ knows it, hence all their desperation to embed Linux into Windows and support server development.
The ageing execs who still doggedly hold on to the mantra that nobody ever got fired for buying Microsoft, and insist on it being the only corporate 'approved' OS, are probably the only reason why some of the biggest names in software still produce a Windows version of their product. And the typical word on the street is that much of it doesn't run as well and/or lacks features and/or isn't very well supported when compared to the Linux version.
Choose a mainstream Linux distro, choose *BSD, hell, choose Solaris if you have to. Choose well established and well trusted open source software where possible. Follow best practice guides, keep patched.
But keep Windows limited to Noddy desktops for running Excel, games, CAD or whatever, and don't try to run backend services on it - it won't end well :-(