How can firms use Remote Desktop Protocol without leaving the door open for cybercriminals?