Here are some measures to enhance RDP security:
1. Change Port Number:
Change the default port 3389 to another non-standard port. This won't provide complete protection, but it can reduce automated attack attempts.
2. VPN:
Set up a VPN so that users must connect to your internal network before accessing RDP, adding an additional layer of security.
3. Multi Factor Authentication:
Implement MFA to add an extra layer of security. Even if someone obtains your password, they will need a second factor to gain access.
4. Group Policy:
In a Windows environment, you can use Group Policies to set limits on login attempts and temporarily lock accounts after several failed attempts.
5. Geolocation Policy:
Consider geolocation blocks (such as allowing only required countries).
6. Virtual Appliance:
Do not leave RDP ports open. Using a network virtual appliance (NVA) like pfsense and openvpn would be the best solution, or if it's for a few users, you can restrict the RDP rule to specific home IPs.