I prefer the invisible force field that is packing tape when I need truly secure. However, most the machines that are there are still running serial, and not USB. If security over USB is a concern of yours you can disable them on BIOS level, Windows level, or as suggested really get to grit of it with some glue. Building security on the other hand isn't really up to the external IT guy =/ Thanks for the nightmares though, I'll be panicking about my clients issues with USB now.
For many of my clients that run milling machines that still run XP, I am just making sure that they are not connected any longer. In that scenario, continuing XP is sensible and cost effective, with little to no risk. I'm sure most of the IT world is going to see the flare up of exploits that people have been hanging on to waiting for MS to no longer be willing to patch. Anyone of my other clients - law firms, non profits etc. - I am forcing the upgrade. No need to be so tied to such a clunky and difficult to recover OS anymore. Embrace the already 4 year old future, get on the update bandwagon and move on. None of my clients are seeing this as the end of the world like the media and others are describing it.
Then what is the point in having a back up of your source code then? By the time the world recovered from such a catastrophic event to the global network, your games would be useless. Not that it isn't fun to think about, but you are redundant enough.