Almost any computer can be compromised by a skilled hacker if they have physical access to the machine. There are ways of evading even strong password protection with this access and enough time.
Even when the criminal cannot get physical access, they can use a proxy like a USB thumb drive to achieve almost the same result. If they want to break into a specific company’s network, they can “lose” a thumb drive in the employee parking lot. When it is found by an employee, chances are the worker will bring it inside and plug it into their machine, at least to see if they can identify who lost it.
Unfortunately, there are numerous software packages which will instantly install themselves on the machine simply when the thumb drive is plugged in. Some software is malicious and can literally destroy the machine. Others are as described earlier – ransomware, botnets, and anything else the hacker wants to install into the organization’s network.
Many companies recognize this risk and remove or glue the USB sockets on their internal computers to avoid anyone installing software in this manner.