How to protect my code from “insider” threats when hiring my first employee?

I quit my job to start my own SaaS product. I’m now looking to hire my first employee (another developer).

I will be taking appropriate legal precautions to protect my IP, but I’m wondering what other reasonable actions that I can take to further protect my code / data. The last thing that I want happen is what happened to Tesla where someone dumped the source code onto iCloud and ran off with it to a competitor.

I know that it is practically impossible to prevent this 100% from happening and that I need to make sure that I hire quality people and offer meaningful pay and have the appropriate legal documents signed. Apart from this, what else can I do to protect myself from inside threats? I am pouring in my entire life’s savings into this and I will be devastated to lose what I spent the better part of 2 years coding.

Here’s what I’ve thought of so far:

  • Buy a work laptop for them
  • Encrypt the hard drive (like with Bitlocker)
  • Disable all USB ports
  • Create a non-admin / limited user account with no install permissions and just the IDEs (e.g. Visual Studio) installed. I use Windows 10 for most development with the exception of a Mac for the iOS portion of the app development.
  • Install some kind of employee logging software.
  • Disable access to file hosting websites.
  • Somehow detect and stop when a certain folder is being uploaded or copied somewhere?
  • Somehow make the git repository only accessible from that machine.
  • Install some kind of remote admin management system? Azure Active Directory or something?

This must be a common problem for businesses but I must be searching for the wrong thing because I can’t seem to find a guide anywhere on this issue.