Good question. On our side we're using an SSL / HTTPS secure connection. That is an industry standard 128-bit encrypted connection. When you're logged in, click on the lock icon in the URL for more information on the security used.
I'm sure you're way ahead of me on this, but how about your side? Do your administrators use secure passwords? Do you require each team member working the command on a critical incident to be separately logged in? Or does one admin username and password get passed around for that? I can tell you that locally we decided up front that each member working the command bus needed to have their own login and permissions for accountability reasons, no generic logins. These are things you need to establish from day one.