"Safe Surfing" probably works better than M-shaft "solutions"
Just pointing out, that M-shaft's anti-ransomware solutions (apparently) aren't very effective.
But here's what I think WOULD be: what I like to call 'safe surfing'.
a) don't surf the web or read e-mail from an ADMINISTRATOR login (this means create at least 2 logins on every machine, one with admin-level access that you RARELY use, and the other with 'guest' level access that's your main login with e-mail, etc.
b) do NOT use Intarweb Exploiter nor 'Edge'. Use a TRULY safe browser, one that's open source, and can have the NoScript plugin running for even MORE protection against rogue things.
c) do NOT view e-mail "as HTML". better still, don't view attachments "in line".
d) do NOT use Virus Outbreak (aka MS Outlook) for e-mail.
e) if possible, do ALL web surfing with a NON-WINDOWS operating system
f) *NEVER* "click on a link" in an e-mail
g) *NEVER* 'just open' or even preview documents attached to an e-mail. If you can do an 'open with' instead, this will mitigate MOST problems caused by mime type forging. Letting the OS decide what to do with the attachment, however, is likely to get you INFECTED at some point.
(the best way to handle attachments is to save to disk, use a utility to scan it and verify what it REALLY is, and then open it directly with the application that you want to view it with)
anyway, those are the 'rules' I can remember at the moment. Practice that, and get everyone on your network to do the same thing, and you SHOULD be fine, or at least BETTER OFF than "not doing that" and relying on Micro-shaft's "solutions" to "prevent" ransomware.