...
E.g. an NDA is a risk management strategy, but it is also just general business practice; if you are not signing an NDA, then that is a risk in itself.
Other topics
Job Roles
It’s good to have job rotation, with time away from the role, to ensure that there is no systemic or malicious activity happening.
Separation of job roles - e.g. having a separate person who makes payments from the one who sets up new vendors in your system, or having approval processes for setting up new vendors.
Clean desk policy - this does not specifically mean no paper on the desk, but being aware of the risk attached to all information when dealing with it.
...