For the most part, this is not a technical problem but a human problem. So while technology has a role to play, it has limits.
If the employee will be working from home, supervision is more difficult. If you’ll be monitoring his/her activity, you don’t want to be in breach of applicable privacy laws.
The computer has to be secured, obviously, but the rest of the environment is important too. If you have a corporate LAN, there should be adequate protections like an IDS/firewall. But the equipment is often useless without somebody keeping an eye on the logs and the alerts.
Since you mentioned Visual Studio, the developer may need to be at least a local admin to work in optimal conditions. If you cripple their environment, they may be tempted and even forced to find workarounds and defeat your security measures, which is what you want to avoid.
I’m afraid we all have to trust other people and take risks. The more you monitor your employees, the more you make it obvious to them that you don’t trust them and make them feel untrustworthy. At some point the surveillance effort becomes counter-productive because you frustrate and demotivate them. They may become less productive, less loyal.
Security training may be beneficial too. The employee could be honest and acting in good faith but vulnerable to social engineering, and unwittingly jeopardize the company and its assets. Naïveté can be as dangerous as malicious intent. I would say that many developers lack cybersecurity awareness.
Perhaps you should order a penetration test against your company and learn from it. Thus your security posture will improve and you’ll be better equipped to fend off attacks.
Employees are often the weakest link, but you should also consider the threat of hackers and unethical competitors. In other words, don’t focus too much on your employees, but develop a 360° security approach for your company.
Physical security is important too. A lost laptop should be no big deal if the hard drive is encrypted and has a strong password. But your backups should be in a safe place. Consider the risk of burglary.
Yes, backups are extremely important. Make sure you have a solid backup plan in place, and test it from time to time. Prepare a disaster recovery plan. What would happen if your office burns with all your computer equipment? You need to protect your source code but also plan for business continuity. Hint: insurance.
If you have valuable IP you could consider applying for patents. Again, this is a lawyer’s job here.
Probably you can find insurance to cover the risk. The question is whether it’s worth paying for a low risk.
I would also offer shares or some equity in the company. Then your employees have less incentive to go rogue and sabotage your enterprise.
To sum up: there are so many possible risks, I think you are putting too much emphasis on the insider threat. You are more likely to get hacked than sack someone for misconduct.
Your employees must be your allies and considered as such – not as potential foes.