This is about more than just pirated software. Depending on where the Beijing office got the software, it could be carrying a malware payload that handed over back doors to all of their computers. China is well known for using corporate (and other) espionage to further their political agenda. Hooking into company systems to exfiltrate any possibly valuable data is far too common.
Quite right. Given my druthers, the first and most important thing I'd do is strip them of any and all administrative rights and, most importantly, re-Ghost the boxes nightly or run them as thin clients. The security situation is so poor in-country that you shouldn't even consider letting the local staff manage their own stuff if we're talking about such a tiny little office. Five guys wouldn't warrant a separate sysadmin in the States, and it still doesn't abroad when you've seen malfeasance on this level and are operating in a country with a massive corporate espionage problem. Again I say, strip them of their rights.
Make sure you have a couple of spare, online, patched workstations ready to go for when one fails 'cause you don't want them to have to have local admin rights. Grab yourself an IP-KVM, too, and make sure you have two ISPs running into the office, even if the second is just some dinky little 256kbps line. That'll give you the capability of having them jack a KVM-enabled computer into a switch or firewall for diagnostic purposes if one of the two networks goes down and you can't remote into those devices. Likewise, it'll give you the capability of taking a peek at a bad NIC prior to having them swap a workstation out for one of the spares. Having Ghost on the network or something like it would be useful at that time to allow you to replace the no-longer-spare equipment you've had to have them put into use.
If I could get approval to do so, I might also lock down their workstations' USB ports and optical media to the point of uselessness and drop a monitor-less *NIX box with good AV software somewhere in the office with a ton of USB ports and DVD-ROM drives to remotely scan and introduce anything they think they might need onto the network myself. This should, of course, also be paired with an HTTP proxy that blocks any sort of executable code beyond the stuff that's used to render a normal webpage from coming in. I'd then set up MAC address whitelisting on all networks, wired and wireless. This would be a PITA, but it would give you an extremely high level of control over the network there, going far beyond what you have now, and limiting any practical attack vectors to hardware-based attacks (keyloggers) and viral attacks embedded in Flash apps, PDFs, etc. I don't think I'd bother with this step back home, but it seems worth it in China. Of course, this carries with it some rather dramatic drawbacks if your "design" shop is doing software engineering, and probably shouldn't be considered. Seems perfectly reasonable if we're just talking about artists or a bunch of people running AutoCAD.
Protecting your proprietary knowledge is probably well worth the level of hassle you'd be subjecting everyone to, yourself included, by doing the above.
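As an added example (not part of the comment above and not any proxy product's own code), here is one way the "block executable code beyond what renders a normal webpage" rule could be decided per HTTP response. It trusts the body's leading bytes over the declared Content-Type and marks PDF and Flash as the residual vector the comment names. The type lists, function names and sample bodies are assumptions constructed for illustration.

```python
# Added example: verdict logic for a download-filtering HTTP proxy.
# All names, type lists and sample bodies are constructed for illustration.

# Content types a browser needs to render an ordinary page (scripts included).
RENDER_TYPES = {
    "text/html", "text/css", "text/plain", "text/javascript",
    "application/javascript", "application/json", "image/png",
    "image/jpeg", "image/gif", "image/svg+xml", "font/woff2",
}

# Leading bytes of native executables and scripts: refused whatever the header says.
EXEC_MAGIC = [
    (b"MZ", "Windows PE"), (b"\x7fELF", "ELF"),
    (b"\xcf\xfa\xed\xfe", "Mach-O"), (b"\xfe\xed\xfa\xcf", "Mach-O"),
    (b"#!", "shebang script"),
]

# Active document formats that still pass: the residual risk to log and patch for.
ACTIVE_DOC_MAGIC = [(b"%PDF-", "PDF"), (b"FWS", "Flash"),
                    (b"CWS", "Flash"), (b"ZWS", "Flash")]


def sniff(body, table):
    """Return the format name whose magic prefixes the body, else None."""
    head = body[:8]
    for magic, name in table:
        if head.startswith(magic):
            return name
    return None


def verdict(content_type, body):
    """Return (decision, reason) for one response; decision is a short string."""
    declared = content_type.split(";", 1)[0].strip().lower()
    kind = sniff(body, EXEC_MAGIC)
    if kind:  # the body wins over the header, so a mislabelled download is caught
        return ("block", f"{kind} body declared as {declared or 'nothing'}")
    doc = sniff(body, ACTIVE_DOC_MAGIC)
    if doc:
        return ("allow_residual", f"{doc} passes the filter; log it")
    if declared in RENDER_TYPES:
        return ("allow", declared)
    return ("block", f"{declared or 'undeclared type'} is not needed to render a page")


if __name__ == "__main__":
    samples = [("text/html; charset=utf-8", b"<!doctype html><html></html>"),
               ("image/png", b"MZ\x90\x00\x03\x00"),       # PE labelled as an image
               ("application/pdf", b"%PDF-1.4\n"),
               ("application/zip", b"PK\x03\x04\x14\x00")]  # archive: goes via the scan box
    for ctype, body in samples:
        print(ctype, "->", verdict(ctype, body))
```

Anything blocked here, such as archives and installers, is what the comment routes through the administrator-run scanning box instead.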