The Dude work perfectly also on remote devices, also by VPN...
If you have at least one public IP, you can make VPN between all remote devices and the Router with public IP.
If that link is for administrative purpose only (not for link the shops) you can, with proper config, "see" all remote routers on winbox and you manage what you want.
Obviously some rigid rules must be followed like:
"Open" winbox and ssh services only on remote vpn (accept only on local reserved physical ethernet port or from well knowed remote static IP)
Do not use same password for each device, if only one is compromised, all is compromised...
Delete the user admin after create another, but do not use "standard" names like root, ubnt, sysadmin, etc.
Use one "downgraded" user for remote access, and use the privileged user just only when strictly needed
Use complex password
Do not use RouterOS below 6.47.10, too much knowed hack...
Do not use RouterOS beta or release candidate
Do not reboot router uselessly
Do not do auto-upgrade
Do not save credentials on winbox adress list if the PC is not a "desktop"
Do not save credentials on USB
Do not put export on forum (hide-sensitive or not) untill you have read and understand the leaking risk of each line.
Do not follow rules