diff --git a/systemd/system/remote-backup.service b/systemd/system/remote-backup.service
index 5a96da6..f88e345 100644
--- a/systemd/system/remote-backup.service
+++ b/systemd/system/remote-backup.service
@@ -2,8 +2,34 @@
 Description=Perform remote backup
 
 [Service]
+CapabilityBoundingSet=
 CPUSchedulingPolicy=batch
 ExecStart=/usr/local/bin/remote-backup
+LockPersonality=true
+NoNewPrivileges=true
+MemoryDenyWriteExecute=true
+PrivateDevices=true
+PrivateIPC=true
+PrivateTmp=true
+PrivateUsers=true
+ProcSubset=pid
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+RemoveIPC=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources @obsolete
 Type=oneshot
+UMask=0077
 User=root
 WorkingDirectory=/root
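Review bot: With `CapabilityBoundingSet=` empty and `PrivateUsers=true`, the root process has no CAP_DAC_READ_SEARCH or CAP_DAC_OVERRIDE, so it can read only what ordinary permission bits allow uid 0 to read; files or directories owned by other users with mode 0600/0700 would be skipped or fail, which for a backup means silently incomplete archives. If /usr/local/bin/remote-backup (not visible here) is meant to cover such files, consider `CapabilityBoundingSet=CAP_DAC_READ_SEARCH` and dropping `PrivateUsers=true`, since the user namespace removes capabilities over host files regardless of the bounding set. `ProtectSystem=strict` also leaves only /dev, /proc, /sys and the private /tmp writable, so any cache, lock or known_hosts file the script writes under /root needs an explicit `ReadWritePaths=<path-the-script-writes>`. A test run that checks the exit status and compares the file list against a pre-hardening backup would confirm nothing was lost.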