Every single access is logged on such systems, regardless what kind of file hosting you use.
An employee suddenly accessing tons of files, potentially in indexing order (meaning they’re either clicking through every link, every folder, every file, or are using an automated tool that does exactly the same), now that’s suspicious.
Combine that with logs from their terminal, which would usually contain things like downloads, file operations, as well as external storage connection/disconnection events, and you can basically get a near perfect map of what they stole and how.
Every single access is logged on such systems, regardless what kind of file hosting you use.
An employee suddenly accessing tons of files, potentially in indexing order (meaning they’re either clicking through every link, every folder, every file, or are using an automated tool that does exactly the same), now that’s suspicious.
Combine that with logs from their terminal, which would usually contain things like downloads, file operations, as well as external storage connection/disconnection events, and you can basically get a near perfect map of what they stole and how.