What's common sense when it comes to minimising the risk of employees spreading critical information to rivalling companies?

As of today, it's clear that not even the US government and military can be sure that their data stays safely within their doors. Thereby I understand that my question probably instead should be written as "What is common sense to make it harder for employees to spread business critical information?"

If anyone would want to spread information, they will find a way. That's the way life work and always has.

If we make the scenario a bit more realistic by narrowing our workforce by assuming we only have regular John Does onboard and not Linux-loving sysadmins , what should be good precautions to at least make it harder for the employees to send business-critical information to the competition?

As far as I can tell, there's a few obvious solutions that clearly has both pros and cons:

1. Block services such as Dropbox and similar, preventing anyone to send gigabytes of data through the wire.
2. Ensure that only files below a set size can be sent as email (?)
3. Setup VLANs between departments to make it harder for kleptomaniacs and curious people to snoop around.
4. Plug all removable media units - CD/DVD, Floppy drives and USB
5. Make sure that no configurations to hardware can be made (?)
6. Monitor network traffic for non-linear events (how?)

What is realistic to do in a real world? How does big companies handle this? Sure, we can take the former employer to court and sue, but by then the damage has already been caused...

Thanks a lot