You should first consider how you want to secure the RDP connection. You could setup a VPN connection, you could lock down ports on the firewall to only certain IP addresses, you could add MFA to prevent brute force password attacks, etc.
To save yourself a lot of time, check out our TruGrid product to see how we have built in security to secure RDP ports, built-in MFA, and built-in Dark Web scanning. No need to adjust your firewall or open any firewall ports. Don’t let hackers even know where your network is located in the first place.