This article explains a pretty nasty device. It can take over your computer using remote code execution even it is locked. The author recommends putting your device to sleep when you walk away from it, but I can imagine that someone could just turn the device back on and plug this thing in.
The other suggestion is to cement the USB port so that it is unusable. I think that is the most secure thing to do, but it’s not always practical and USB ports can serve critical business needs. I think its more strategic to implement end point security that would block malicious devices and alert on abnormal activity.