The NCM thick client is configured to use HTTP by default. Change it to HTTPS to make the NCM thick client secure.
The client protocol is controlled by the HTML landing page from which the client is launched.
In addition to using HTTPS, you can block the non-SSL ports through the use of a firewall between the client and the server. The ports to block are TCP port 80 and TCP port 8881.
Note: Port 80 must not be blocked on the loop back.