I agree that it should be stopped, your company confidental information is going through an untrusted 3rd party that you don't have a contract with.

I disagree with tedob however that
a good firewall would stop binary streams from entering even threw port 80
If it did that, you would not be able to see any images on the web nor download anything.

The easiest way of stopping it is to contact the individuals involved, ask them to stop, and write something into the next version of your AUP which specifically prohibits doing this (if there isn't something which already implicitly does so).

Obviously if they keep doing it after they've been told not to, then they can be sacked for misconduct (assuming the individuals involved aren't company directors )

Slarty