If you don't have a CA and Recovery Agents configured in your environment there is the danger a user could encrypt files that only they will be able to decrypt and open. If the user leaves, no-one else will be able to access these files, not even Administrators!
Therefore if you don't use EFS in your company, its safer to just disable it completly.
To do this, in Group Policy Editor, create a new GPO and link it to the OU which contains the computers you wish to disable EFS for (or edit an existing GPO).
Edit the policy, Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System.
Right click the Encrypting File System and select Properties. Select 'Don't Allow'
Now the option to encrypt files and folders will be unavaliable to computers within the scope of that GPO.