Wirecutters are the best security
The most widespread security problem (just waiting to happen) is commercial PCs with too many ports.Most companies buy off the shelf desktop machines and just possibly have their disti pre-load the operating system with a custom screensaver and call that "added value".
I don't know whether it's because they don't understand security, or simply that they don't care - but anyone with any experience in IT knows about "sneaker nets". While they don't use floppy disks anymore, the modern equivalent lets much more data be surreptitiously moved around (or out, as in this case).
Even if companies can't buy PCs without USB connections, or in some cases without built-in wifi, the modifications are quite simple. Merely disabling the ports in software is not enough, as a determined baddie will have the ability to reset them. Given the parlous standards of change-control, you may even find that the machines were "repaired" by inadvertent software updates while in use. While we're at it, best to replace the chassis screws with vandal-proof ones, to stop casual case-openers, too.
If you're worried about voiding warranties, just find another suport organisation. It's not as if they're scarce and one that's any good will recognise the reasoning and have the flexibility to work with your disabled machines.