how to secure 1C databases and other data from theft by employees

Hire an Information Security Specialist. He will develop a set of organizational and technical measures and implement them. From measures to restrict access to computers and premises, to video surveillance and logging of screenshots, mail, instant messengers. In short - any whim for your money.
Any home-grown methods can instill false confidence in security, and will come out sideways at the most unexpected moment.

In general - no way. Restricting access to databases to those who do not need them can help you. Or not all are needed.

If you seriously want to be safe, then you should consider switching to the SQL version. It will be problematic even for an advanced user to make a database dump.

It is necessary to introduce an agreement in which to prescribe strict responsibility for each file that will be available to the user. Prescribe fines in the amount of salary for 10 years. And file a lawsuit indicatively.
If you need to pioneer the base, then the Pentagon is not able to protect itself from insiders / outsiders.
In general, each employee should work ONLY in his own data area, and there is an additional "protection" in the form of competition in the organization's departments. You need to look at the structure of the company and so on.
And to the maximum log all user actions, so that there is something to file in a lawsuit if anything.

Immediately what came to mind:
1) Restrict access to 1C databases physically and at the level of AD or users
2) Switch to the client-server version
3) Take away full rights from everyone and leave only the administrator
4) Restrict the use of flash drives and DVD-RW through Windows security policies
5) Limit Internet use and monitor the use of WEB resources. Set proxy server.
There are still additional measures, so it is better to contact an information security specialist.