I'd look at it the other way round - what functionality are you not providing (or that they are not aware of) so that they feel they need to obtain it from an outside service like Dropbox?
Are they collaborating on documents and trying to avoid emailing new versions around all the time?
Do they have files to get between people that hit email attachment size limits?
Are they concerned about doing a load of work on a document on their laptop and the disk dying, or the laptop getting lost or stolen and losing their work?
Do they need access to their documents from mobile devices (given the Dropbox is almost the defacto filesystem for iOS)?
Do they need or want to work on documents from non-work devices, like a home PC?
If this is data that needs to be controlled (and if it does, you really need proper controls and classifications for it already) then you probably do need to have a conversation about responsible data handling, and the consequences of losing it. The unencrypted laptop left in a taxi is a classic data loss scenario, but if the user was syncing data via dropbox to a home PC that is lost in a burglary, it amounts to the same thing.
If it is not subject to strict controls, then putting barriers up is often counterproductive. People will always find ways to bypass them unless you spend a lot of time and money closing all the doors, and then they'll waste a lot of time trying still.
There's a lot of more business-focussed alterntives like Sharefile (aquired by Citrix a while ago), or things like the Microsoft Skydrive Pro idea where the storage is your own Sharepoint site, or Office 365 tenant.
I'd go to them and try to understand why they started using it, what they're using it for now, what headaches it solves, see if there are real concerns about the data leaving the company, and what you can do to offer something better in-house.
(fwiw, I have company stuff on Dropbox - anything potentially sensitive lives in little truecrypt volumes though)