The vPro platform was designed with the idea that it would be used behind a firewall, so having it directly on the Internet has obvious security implications, as you have pointed out.
Since your system is exposed, using an aggressive password management policy is a must. I am guessing that your client isn't part of a classic enterprise network with Active Directory, so you'd have to rely on the built-in digest account management. Is this correct?
Do you have a certificate authority in your environment? Using mutual TLS may be an option to help secure the communications.