As you may know as of April 8th, Microsoft will not be making updates to Windows XP or Office 2003. What this means is that if you are using Windows XP or Office 2003 in your business and a vulnerability or flaw, Microsoft will not be providing fixes, even if those vulnerabilities are being exploited by hackers. It is my belief, that flaws have already been found and cyber-criminals are just waiting to use them. The sad truth as there are a lot of medical equipment, point of sale equipment, and ATMs still using Windows XP or a customized version of it. If you have systems housing financial or medical information, upgrading your systems is not only prudent, but in many cases required.
Even if you have ONE Windows XP or Office 2003 machine on your network, you are putting your business at risk. That computer can and will be a beach-head for further attacks.
There are budget-friendly ways to get your systems upgraded. Many times you may already have licenses and the hardware required and will just need your IT person to reinstall the operating system and software.