System administration
Fortune777, 2019-03-18 13:55:00

How to ensure data security in a company if an employee is fired?

Yes, I know that the correct answer is: no way) But now I want to ask not only about IT specialists, but about everyone in general: managers, department heads, marketers, and so on. For example, an employee created a content plan document on his disk, and then quit, and that's it, there is no access to it, or something else. How can companies protect themselves in advance from this?
As I understand it, all data must be stored in the cloud, the director should have access to it, and individuals should have limited rights. And if an employee leaves, they either freeze his access or change all passwords. What other nuances are there?


5 answer(s)
Sergey, 2019-03-18
@feanor7

The first thing an IS teacher tells you is that everything starts with documents, and that security in an organization is a set of measures.
1. You, as an information security specialist in your company, develop a threat model, that is, an intruder model.
2. An information security regulation is drawn up, or a fairly detailed regulation on the corporate network in which all access cases are spelled out (this can go in appendices).
3. You can solve some of the measures technically. In one of the departments it was decided at the top level that flash drives would be prohibited (I objected, but no one listened, they issued a whole order). Well, they took flash drives away from users, and after 2 weeks they remembered about the client-bank))) Well, then you understand the rest yourself.
4. Before you start doing something, you and the management must understand what you want to get in the end.
I recommend obliging everyone to store working documents on a network share. The share is backed up. Upon dismissal, even if the employee wipes his folder, you will restore everything from the backup.
Same with the cloud.

Edward, 2019-03-18
@edvardpotter

Any information that a person can see, hear or feel can be stolen. For such things there are mandatory requirements in the contract. Therefore, if, for example, it is proved that such and such a person published / transmitted information that contains a trade secret, then this person can be held liable.
If you are afraid that the employee will destroy some information that may be useful to the company, then you need to oblige the employee to store all the information on your servers (which will be backed up accordingly).

CityCat4, 2019-03-18
@CityCat4

The measures are mainly organizational.
Technically, you can do the following:
- prohibit storage in the cloud (especially in light of the article on Habr about how MySpace lost data from many years)
- prohibit the use of personal mail (sending to your personal mail through its web interface is the easiest way to steal data)
- prohibit removable media
- in addition to everything else, you can deploy SMP. It will not protect against the theft itself, but it will help to establish the fact of it (and then it is work for other people :))
- store all working materials only on the network, in an area that is backed up daily
- when the person is dismissed, at the moment the admin signs the exit checklist, he locks the account and shuts down the computer.

Ronald McDonald, 2019-03-21
@Zoominger

Absolutely nothing. If a person has a head, then he will collect all the documents, letters and scans that pass through his hands and slowly accumulate them, and you won't do anything about it unless you assign a guard to each employee. Spy games with a planted agent are rare; people usually leak data out of revenge, and this situation can be eliminated if you do not give employees a reason to take revenge on the employer. But this is difficult: for this you need to pay a decent salary and comply with the Labor Code of the Russian Federation.

Artem @Jump, 2019-03-18

It depends on what is meant by security.

  • When it comes to data leakage - no way. In a sense, of course, it can be addressed, but that is a set of measures - orders, technical restrictions, physical control of user access to equipment, screening of employees.
  • If we are talking about the destruction of data - that's elementary. We store all data on a network share. The employee left: delete the account, create a new one, give it access to the documents.
