WinRM (Windows Remote Management) is a powerful tool that can also be abused. Several settings make it more secure, and they can be configured through Group Policy.
Plain Text Passwords
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service - Set "Allow Basic authentication" to "Disabled".
Allow Unencrypted Traffic
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client - Set "Allow unencrypted traffic" to "Disabled".
You can further restrict permission to use WinRM by host.
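To confirm that the two Group Policy settings above have reached a machine, the following added example (not part of the original page) reads the policy-backed registry values and the effective WinRM configuration. The function name `Test-WinRMPolicy` is hypothetical; the script assumes a local PowerShell session, and the `WSMan:` lookups return nothing unless the session is elevated and the WinRM service is running.

```powershell
# Added example: audit the two GPO settings described above.
# Policy values written by Group Policy live under HKLM:\SOFTWARE\Policies.
$checks = @(
    [pscustomobject]@{
        Setting  = 'WinRM Service: Allow Basic authentication'
        RegPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
        RegName  = 'AllowBasic'
        WsmPath  = 'WSMan:\localhost\Service\Auth\Basic'
    },
    [pscustomobject]@{
        Setting  = 'WinRM Client: Allow unencrypted traffic'
        RegPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
        RegName  = 'AllowUnencryptedTraffic'
        WsmPath  = 'WSMan:\localhost\Client\AllowUnencrypted'
    }
)

function Test-WinRMPolicy {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Checks)

    foreach ($c in $Checks) {
        # Policy value: 0 = Disabled, 1 = Enabled, absent = Not Configured.
        $policy = $null
        $reg = Get-ItemProperty -Path $c.RegPath -Name $c.RegName -ErrorAction SilentlyContinue
        if ($reg) { $policy = $reg.($c.RegName) }

        # Effective value as WinRM sees it ('true' / 'false'), if readable.
        $effective = $null
        $wsm = Get-Item -Path $c.WsmPath -ErrorAction SilentlyContinue
        if ($wsm) { $effective = $wsm.Value }

        if ($null -eq $policy) { $status = 'NotConfigured' }
        elseif ($policy -eq 0) { $status = 'Compliant' }
        else                   { $status = 'NonCompliant' }

        [pscustomobject]@{
            Setting   = $c.Setting
            Policy    = $policy
            Effective = $effective
            Status    = $status
        }
    }
}

Test-WinRMPolicy -Checks $checks | Format-Table -AutoSize
```

A `NotConfigured` result means Group Policy is not enforcing the setting, so the local WinRM configuration shown in the `Effective` column applies and can be changed by a local administrator.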