For a long time, I have been advising colleagues to lock their computers before they walk away from them. It protects against a lot of the risks of accidents as well as malicious attacks and is easy to do. On a Window machine, you just have to press the Windows key and L and there are ways to do it on any system. Even if normally working in trusted environments, it is a habit worth developing.
It turns out though that you now have to be even more careful. PoisonTap is a recent threat I was reading about at the end of last year. It turns out that, with a bit of technical expertise and a very low outlay in parts, an attacker can now infect your computer even if the screen is locked as long as they can plug into a USB port and a web browser is open on the computer. The computer ‘cleverly’ spots that it has a new network device available, has a conversation with it and thus gets thoroughly compromised.
That is a bit like discovering that burglars can walk through walls if you’ve left your heating on! Mind you, even without this potential new attack, it is safest not to leave lots of programs running. The less that’s live, the less there is to break.