Yes, but if you search on the web you will find about a million links telling you how to do it so it is a very open secret you will even find on ASC. The thing is, in your linked article it also indicates how you do it varies with model and for the at least some MacBook Air models you have to take it into the store.
I think the OP needs to assess the situation. Frankly I don't think somebody is going to sit at their desk and take the computer apart (a very noticeable activity in itself!) in order to hack their way into being able to check their Hotmail on work time. If they are hacking their way into credit card numbers on another account and have to take apart the computer to do so then the whole security setup should be changed so valuable data are generally more secure. If the employer thinks a person is that untrustworthy and/or the security of the data dictates it, do something like removing the internal drive, only booting from an external, and lock the drive in a safe at night. Even a safe can be broken into. I recall reading a story where they said safes are not guaranteed unbreakable, they are rated by the time it takes to get into them. This is similar. Setting a firmware password adds another layer to deter casual hacking. If it isn't enough then there are more serious concerns with the work environment or general data security.
Thank you Kurt, but I was looking for more of an enterprise solution.
That is the enterprise solution, but maybe not the one you want to hear about. For more, see SL Security Guide, for getting started. Apparently, Apple doesn't think it's an issue since they've not published one for Lion or ML, so I surmise it's applicable for the newer OSs.