I had an employee provide a resignation before I was on site. The employee then unplugged a desktop computer and left the premises with it. The computer contained pricing data, customer data, email communications, login credentials to several important websites, login info to vendor websites.
I filed a police report and the police were able to recover the computer, however the data on the machine was wiped or the drive was replaced.
What should I do?
This!
Onboarding/offboarding procedures
Enrol a device in MDM (you can lock, wipe, reset PC’s remotely).
Backup your data (multiple ways).
Use SSO to enforce sign outs quickly.
Share an internal database base with zero trust as minimum.
Insider threats are unpredictable and devastating. In this situation hindsight has 20/20 vision and I’m gutted for OP. Any company even if there’s two or three of you should think BIG I.T.