1) Make sure users, especially Windows users, are well educated enough to not run things or accept things that pop up in the browser or are sent in an email.
You do realise that trying to educate most MS Windows users is like trying to drain a lake with a colander.
2) Make sure that all users have ad blockers, NoScript, etc. installed by default. It is more trouble initially, but it gives you a chance to stop and think, and after a while you will have trained yourself and your browser to allow you to do your work with a minimum of pain.
Well, I suppose, if you are the System Admin, but that would be a really thankless job.
3) Always run Windows in a VM under Linux - and make regular, dated backups of the Windows disk images (the VM disk images!). If shit happens, you can quickly go back to a version that works.
Honestly, let's be real here. How many MS Windows users would even know how to install a Linux distribution, much less run a virtual machine with MS Windows running in it, and as for making backups of the virtual images - err, let's not go down that path. In fact, how many people actually know how to install MS Windows from scratch, even though, like Linux, it is very easy, although IMHO Linux is much more logical.
I think the only thing you can do is shake your head and slowly back away, but definitely make sure your family and possibly your friends are educated enough not to be caught out by scammers. Diplomacy, patience and a small amount of constructive education are essential here.
BTW, please don't take this badly; what you have said is quite valid, however we are talking about the average MS Windows user, who may be quite smart in many areas but dumb as a post when it comes to basic IT management and security.