I hate to say it but company data is most definitely on personal computers.

This is why stuff like adaptive MFA and DLP are a thing. What most people don’t know is if DLP is properly implemented the IT team/department have records of who, when, where, and what device were used to not just access/download data/files.

The problem is a lot of companies don’t properly implement DLP because it’s not a turn key solution. You need to properly classify your data first and that requires essentially a company wide audit with buy-in from all levels of management. After the classifications you can then implement restrictions and compensating controls.

Back in the day you could just block USB/network transfer, but if you have data accessible outside of a corporate network you then need to implement conditional access/adaptive MFA where only registered devices are permitted to access certain systems.

My search results were showing Firefish th CRM/Recruiting software as well (used DDG).

Seems like the devs might want to consider changing the project name or work on SEO.

Edit: changed my search to “Firefish Open Source” and it produced results related to OPs comment.

If an attacker has physical access to a computer, the game has already been lost.