I would like to add that even though Remote Utilities themselves take care of security, I still like to add another layer using an encrypted tunnel to route the RU traffic through. While this approach takes more setup time and more CPU power (double encryption), it does have distinct advantages:
1) More control over the actual encryption process. RU now uses TLS, but there isn't really much information on how exactly it is done. Every TLS version, including 1.3, can be used in an insecure manner. For example, all it takes to pretty much break the TLS security is to incorrectly implement certificate verification or the reaction to certificate verification messages of the SSL library in use. Using a tunnel, I can control this very well, even add features not available in RU (e.g. a smart card may be required to perform the connection).
2) More control over the communication. Specifically, using a tunnel in conjunction with a firewall I can *enforce* that RU does not talk to anyone other than the intended target - all RU communication except for to/from the tunnel is automatically disabled. The documentation says that in a direct communication this is always the case, but with a tunnel+firewall, I can be sure - even taking into account possible errors in the implementation of RU.
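
An added illustration of point 1, not part of the original post and not Remote Utilities code: a Python sketch of a tunnel client's TLS settings, showing that a context restricted to TLS 1.3 still fails a basic audit once certificate verification is switched off. The function names and the optional `cafile` (a private CA for the tunnel endpoint) are assumptions made for this example.

```python
import ssl

def strict_tunnel_context(cafile=None):
    """Client context for the tunnel: TLS 1.3 only, certificate and hostname verified.

    cafile (assumption): PEM file of the private CA that signed the tunnel
    endpoint's certificate; when given, only that CA is trusted.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

def careless_context():
    """TLS 1.3 only, but verification disabled: the failure mode described in point 1."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.check_hostname = False       # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is now accepted
    return ctx

def audit(ctx):
    """Return a list of findings for a client-side SSLContext (empty list = passes)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings

if __name__ == "__main__":
    for name, ctx in (("strict", strict_tunnel_context()),
                      ("careless", careless_context())):
        print(name, audit(ctx) or "no findings")
```

Both contexts negotiate the same protocol version and cipher suites; only the audit of the verification settings tells them apart, which is the part a user cannot inspect in a closed implementation.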