The somewhat oversimplified approach is to use iOS/Android devices with you in charge of installing any new apps and also inbuilt adblockers. However this still doesn't prevent email phishing.
The more restrictive option would be to use a router level / AdBlocker whitelist for websites they can access.
Ex: Facebook, Google, YouTube, Utilities, Banks etc. This way any phishing domain will get blocked. Obviously highly restrictive but probably the safest bet. You can always add new sites as they need them.