I'd take this to r/sysadmin or r/techsupport (maybe not sure it's in their wheelhouse)

Similar to this:

https://techcrunch.com/2020/03/04/anthony-levandowski-ordered-to-pay-179-million-to-google/

If the ex-employee is stealing data and trade secrets, he is personally liable for a substantial amount of money.

Sounds like he could be in some serious legal trouble.

He could be pulling data about clients, prospective employees, or in house architectural systems to get his own off the ground. Depending on your company there will be a retention period for those emails and even if she deleted them from her inbox they will be available on the server for IT to inspect.

This doesn’t sound great.

I think you should be more worried about the apparent lack of protection your IT department has failed to set up for your organization. Your entire dilemma is manageable and for the most part avoidable with basic Office security and endpoint settings so you either have a fluke of an IT person who failed to enable such settings or set them up correctly or someone who did but failed to do their jobs as these items were flagged and reported to admins.

[deleted]

Can also try r/asknetsec

I’d plan to get a lawyer once you figure out what is happening.

What kind of dumbass would set that up then have an email sent.

If it’s a legit enterprise mail server, then a mail trace or logs can reveal what the emails contained. A simple email with “synchronization complete” as the only contents isn’t necessarily a fire but it’s definitely smoke. I’d check for any software or services on file shares or databases. Why is her email still sending emails after her separation from the company?

[removed]

You’ll want to embed a virus into a file that appears lucrative to them, a sort of honeypot, if you will. Once you gain access to his systems, encrypt 2kb of every file and drop him a ransom note for the BTC.