> all mounted network shares where the user has write permissions
This is very literally what 'basic hygiene prevents these problems' addresses. Ransomware attacks have shown time and again that the way they were able to spread was highly over-permissioned users and services because that's the easy way to get someone to stop complaining that they can't do their job.
"Insider threat model".
Basic security hygiene in the modern world is "assume your employees can be a threat", either because they're incompetent ("I accidentally deleted the shared spreadsheet, I thought it was my copy"), malevolent ("I will show them all!") or compromised ("I clicked a link in my email and now my computer is slow.")
If you aren't designing your systems to be robust against insider threats, they will fail.
(If you design them to be robust against insider threats, they will probably also fail, so you have to be constantly working to understand how to limit the consequences of any individual failure.)