source-code-protection

How to stop programmers from copying the code from GitHub when they leave the company?


A friend of mine owns a tech company and he said that one of the biggest problems he faces is that when a programmer leaves the company, they somehow copy and share the code with their personal GitHub account. What preventive measures can be taken in this regard? The whole code resides on GitHub.


Solution

  • If the code is in a public repository anyone can copy it. So I'd assume this must be a private repository.

    The employee's account should be revoked on GitHub. This stops them from continuing to access the repository. GitHub also allows you to see the number of unique users that have cloned the repository. If this goes up unexpectedly just before the employee leaves, you have an indication that you need to investigate - at this point you should ask GitHub for the IP address logs.

    Meanwhile, if you have any feasible evidence that the user has copied the repository as-is to their own personal GitHub account, technically it would be trivial for GitHub to check. They could simply compare the HEAD commit SHA against your repository. Whether they would do so without a court order I do not know.

    Saying this, GitHub is just one of many vectors to get code out of an organization. If you allow users to clone repositories onto personal equipment (say, work from home) then you can never fully prove they haven't copied it elsewhere. If they have USB access to their work machine, what stops them manually copying it off? If internet usage is not monitored and restricted, they can just zip it up and upload it to any of a number of file hosting sites. And if worst comes to worst, there is always the take-a-photo-of-the-screen-on-a-personal-mobile-device or print-the-lot-out-and-walk-it-out-the-front-door approach.

    Companies often find that attempting to resolve issues like this with technical measures is a bottomless money pit that ends up hindering developers' work and morale. I'd suggest a far better approach is usually to try and push a culture where developers respect you enough not to attempt to steal from you. Meanwhile, if you ever have viable proof that an employee has abused their access, follow the correct legal process.
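The answer's detection idea (watch the unique-cloner count and investigate when it jumps) can be automated against GitHub's repository traffic endpoint. The script below is an added example, not code from the question or the answer: it reads the JSON shape returned by `GET /repos/{owner}/{repo}/traffic/clones` (a 14-day window of daily `count`/`uniques` buckets) and flags any day whose unique-cloner count is well above the median of the preceding days. The `fetch_clones` function does the live call when a token is present; the `SAMPLE_CLONES` payload, the threshold parameters and the owner/repo names are constructed for the demonstration.

```python
"""Flag unexpected jumps in unique cloners from GitHub repository traffic data."""
import json
import os
import statistics
import urllib.request

# Constructed sample payload in the shape returned by GitHub's
# GET /repos/{owner}/{repo}/traffic/clones endpoint (daily buckets, 14 days).
# Day 12 carries an obvious jump in unique cloners relative to the baseline.
SAMPLE_CLONES = {
    "count": 77,
    "uniques": 14,
    "clones": [
        {"timestamp": "2024-03-01T00:00:00Z", "count": 5, "uniques": 3},
        {"timestamp": "2024-03-02T00:00:00Z", "count": 4, "uniques": 3},
        {"timestamp": "2024-03-03T00:00:00Z", "count": 6, "uniques": 4},
        {"timestamp": "2024-03-04T00:00:00Z", "count": 3, "uniques": 3},
        {"timestamp": "2024-03-05T00:00:00Z", "count": 5, "uniques": 4},
        {"timestamp": "2024-03-06T00:00:00Z", "count": 4, "uniques": 3},
        {"timestamp": "2024-03-07T00:00:00Z", "count": 2, "uniques": 2},
        {"timestamp": "2024-03-08T00:00:00Z", "count": 5, "uniques": 3},
        {"timestamp": "2024-03-09T00:00:00Z", "count": 6, "uniques": 4},
        {"timestamp": "2024-03-10T00:00:00Z", "count": 3, "uniques": 3},
        {"timestamp": "2024-03-11T00:00:00Z", "count": 4, "uniques": 3},
        {"timestamp": "2024-03-12T00:00:00Z", "count": 21, "uniques": 9},
        {"timestamp": "2024-03-13T00:00:00Z", "count": 5, "uniques": 4},
        {"timestamp": "2024-03-14T00:00:00Z", "count": 4, "uniques": 3},
    ],
}


def fetch_clones(owner, repo, token):
    """Fetch the 14-day clone traffic for a repository (needs push access to it)."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/traffic/clones",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def flag_unique_cloner_spikes(payload, min_baseline_days=5, factor=2.0, min_extra=2):
    """Return (timestamp, uniques, baseline) for each day whose unique-cloner count
    is at least `factor` times the median of the preceding days AND at least
    `min_extra` above it. The second condition keeps tiny baselines (1 -> 2) from
    firing; `min_baseline_days` gives the median something to stand on."""
    days = sorted(payload.get("clones", []), key=lambda d: d["timestamp"])
    flagged = []
    for i, day in enumerate(days):
        if i < min_baseline_days:
            continue
        baseline = statistics.median(d["uniques"] for d in days[:i])
        if day["uniques"] >= baseline * factor and day["uniques"] >= baseline + min_extra:
            flagged.append((day["timestamp"], day["uniques"], baseline))
    return flagged


def main():
    # Hypothetical owner/repo; GITHUB_TOKEN is assumed to hold a token with push access.
    token = os.environ.get("GITHUB_TOKEN")
    payload = fetch_clones("example-org", "example-repo", token) if token else SAMPLE_CLONES
    for ts, uniques, baseline in flag_unique_cloner_spikes(payload):
        print(f"{ts[:10]}: {uniques} unique cloners (baseline median {baseline}) - investigate")


if __name__ == "__main__":
    main()
```

Run it on a schedule (the traffic window is only two weeks, so persist the daily buckets if you want a longer history) and correlate any flagged day with the offboarding calendar; the spike on its own is the trigger for a look, not proof of anything. The median baseline and the two-part threshold are deliberate: a single busy CI day or a new hire cloning once should not page anyone.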