It is in fact a company setup. I'm looking at using encryption based on certificates / keys that are installed to the user based on GPO upon login to our AD. I'm still experimenting with it, but in theory, if someone has the files, but is not logged in our domain, they wouldn't have the key to decrypt it, and the data should be safe if copied to somewhere outside our network.
Thanks to everyone for all the input so far.