Seth Keddy

Personal Lessons on Keeping Legal Data Safe When Installing Clio, MyCase, and LexisNexis — Especially On-Premises

Digital Tools Every Modern Lawyer Should Know

Real-World Insights from Installing Clio, MyCase, and LexisNexis

When I began deploying case management tools for legal clients, I thought the software would be the hard part. It wasn’t. Tools like Clio and MyCase install smoothly for most small to mid-sized firms. But the security, data location, and compliance demands? That’s where the real work began — especially when LexisNexis entered the mix with its deep on-premises footprint.

This article shares my firsthand experience with all three tools and provides a candid look at how to secure legal data — whether it’s hosted in the cloud or locked in a server room across the hall.


The On-Premises Reality: It's Not Just Servers — It’s a Fortress

With LexisNexis, I’ve stood in server closets where every detail mattered — from door locks to cooling systems.

Key Takeaways:

  • Physical Security: Servers must be in locked, access-controlled rooms. One of my clients had a badge-access-only policy with cameras on entry.
  • Environmental Control: Heat is a threat. I’ve seen improperly cooled LexisNexis servers crash mid-week. AC redundancy matters.
  • Limited Access: No "tech access when convenient." We implemented change management and maintenance windows to protect audit trails.

Lesson: On-prem means ownership, not just control. If it fails, you fix it. If it's hacked, you answer for it.


Server Security Isn’t Optional — It’s Mandatory

Deploying LexisNexis on-site often meant custom firewall rules, hardened operating systems, and isolating databases behind layers of protection.

What I Did:

  • Locked down services: Stripped Windows installs to reduce attack surfaces.
  • Configured firewalls: Allowed only required ports, including custom TCP configurations for SQL and internal tools.
  • Deployed endpoint protection: Not just antivirus, but behavioral monitoring. One client nearly lost everything due to an AV update conflict.

Real Talk: If your case data lives on a network with shared printers and guest Wi-Fi, you’re already compromised.


Encryption Everywhere — Or Else

Whether cloud or local, encryption is the insurance policy most firms ignore until it’s too late.

My Practice:

  • Clio & MyCase: While their platforms encrypt cloud data, I always exported client reports monthly and encrypted them before archiving.
  • LexisNexis: I set up Transparent Data Encryption (TDE) on all SQL databases. Even backups were AES-encrypted before offloading to secondary drives.
  • TLS Enforcement: I disabled unencrypted traffic. No exceptions. Even admin consoles required secure connections.
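
One way to verify the TDE and TLS points above on the SQL Server instance itself, as an added example that is not taken from the author's deployments. It assumes the case databases are user databases on one instance and that the login running it has VIEW SERVER STATE permission.

```sql
-- Added example: audit TDE coverage and unencrypted client sessions.
-- Requires VIEW SERVER STATE. Run on the instance hosting the case databases.

-- 1) TDE state for every user database (database_id > 4 skips system DBs).
SELECT  d.name                  AS database_name,
        d.is_encrypted,
        k.encryption_state,     -- 3 = encrypted; NULL = no encryption key exists
        k.key_algorithm,
        k.key_length,
        CASE
            WHEN k.encryption_state = 3 THEN 'OK'
            WHEN k.encryption_state IN (2, 4, 6) THEN 'IN PROGRESS'
            ELSE 'NOT ENCRYPTED'
        END                     AS tde_status
FROM    sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
        ON k.database_id = d.database_id
WHERE   d.database_id > 4
ORDER BY tde_status DESC, d.name;

-- 2) Sessions that are connected right now without transport encryption.
--    Any row here means a client or tool is still allowed to skip TLS.
SELECT  c.session_id,
        s.login_name,
        s.host_name,
        s.program_name,
        c.net_transport,
        c.client_net_address
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s
        ON s.session_id = c.session_id
WHERE   c.encrypt_option = 'FALSE'
  AND   c.net_transport IN ('TCP', 'Named pipe')
ORDER BY s.login_name, s.host_name;
```

The second query only sees sessions open at the moment it runs, so schedule it or run it during business hours to catch clients that connect occasionally.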

Users: The Weakest Link in Every Legal Tech Setup

Security dies at the hands of the user. That’s not cynicism — that’s experience.

Common Failures I’ve Had to Fix:

  • No MFA on cloud apps: Lawyers pushed back on MFA until we showed them how quickly compromised accounts could expose client data.
  • Shared credentials: Multiple paralegals using the same login? Seen it. Fixed it.
  • Improper permissions: On LexisNexis, admin roles were too commonly granted. I cleaned house and implemented Role-Based Access Control (RBAC) tied to HR roles.

Backup Isn’t Backup Without Testing

I’ve had law firms call me after a breach or hardware failure, saying “We’ve got backups.” They usually didn’t.

My Backup Strategy:

  • Daily encrypted backups for LexisNexis databases using SQL Agent jobs and PowerShell for redundancy.
  • Weekly offsite replication: To a NAS in another building or cloud bucket (Azure/Backblaze).
  • Restore tests every 90 days: Simulate a disaster and walk through recovery end-to-end.
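
The daily-backup and 90-day restore-test rules above can be checked from SQL Server's own history tables. This is an added example, not the author's script. It assumes restore tests are run on the same instance (otherwise run part 2 on the test server), and it reports native backup encryption only, so backups encrypted by a separate tool after they are written will show as not natively encrypted.

```sql
-- Added example (not the author's script): backup policy check from msdb history.
-- Thresholds follow the article: daily backups, restore test every 90 days.
-- Assumption: restore tests run on this instance, so they are recorded in
-- msdb.dbo.restorehistory. If you test elsewhere, run part 2 on that server.

-- 1) Most recent full backup per user database: age and native encryption.
WITH last_full AS (
    SELECT  b.database_name,
            b.backup_finish_date,
            b.key_algorithm,
            ROW_NUMBER() OVER (PARTITION BY b.database_name
                               ORDER BY b.backup_finish_date DESC) AS rn
    FROM    msdb.dbo.backupset AS b
    WHERE   b.type = 'D'             -- full database backups only
      AND   b.is_copy_only = 0
)
SELECT  d.name AS database_name,
        f.backup_finish_date,
        DATEDIFF(HOUR, f.backup_finish_date, GETDATE()) AS hours_old,
        f.key_algorithm,
        CASE
            WHEN f.backup_finish_date IS NULL THEN 'NO BACKUP ON RECORD'
            WHEN f.backup_finish_date < DATEADD(HOUR, -24, GETDATE()) THEN 'STALE'
            WHEN f.key_algorithm IS NULL
              OR f.key_algorithm = 'NO_Encryption' THEN 'NO NATIVE ENCRYPTION'
            ELSE 'OK'
        END AS backup_status
FROM    sys.databases AS d
LEFT JOIN last_full AS f
        ON f.database_name = d.name AND f.rn = 1
WHERE   d.database_id > 4            -- skip master, tempdb, model, msdb
ORDER BY backup_status, d.name;

-- 2) Last recorded restore of each database's backups; flag if none in 90 days.
SELECT  d.name AS database_name,
        MAX(r.restore_date) AS last_restore_test,
        CASE WHEN MAX(r.restore_date) >= DATEADD(DAY, -90, GETDATE())
             THEN 'OK' ELSE 'RESTORE TEST OVERDUE' END AS restore_status
FROM    sys.databases AS d
LEFT JOIN msdb.dbo.backupset      AS b ON b.database_name = d.name
LEFT JOIN msdb.dbo.restorehistory AS r ON r.backup_set_id = b.backup_set_id
WHERE   d.database_id > 4
GROUP BY d.name
ORDER BY last_restore_test;
```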

Tip: For Clio and MyCase, export key data monthly — billing, case summaries, and client notes. Assume breach, plan for recovery.


Patch Management: Controlled, Not Reactive

With LexisNexis:

  • I maintained a dedicated test instance for all patches.
  • Scheduled quarterly maintenance windows.
  • Created rollback plans for every update.

With Cloud (Clio, MyCase):

  • Watched release notes closely — especially changes that affected integrations or API behavior.

What I Wish Every Law Firm Knew

  • Cloud ≠ carefree: Even with Clio and MyCase, how your team uses the tool is as important as the tool itself.
  • On-prem = full accountability: From hardware to patches, you are the vendor now.
  • Security is a lifecycle: Not a one-and-done project.
  • Backups must be automated, encrypted, and tested.
  • Training beats tech: The most secure system fails if your users fall for phishing emails or reuse passwords.

Final Thoughts from the Field

Deploying legal case software isn’t just about features. It’s about long-term trust, secure access, and reliability — especially when real client cases, financials, and evidence are at stake.

If you're running Clio, MyCase, or LexisNexis, you already have powerful tools. But tools don’t protect themselves. You need good processes, proactive oversight, and a healthy dose of skepticism.

I’ve made mistakes. I’ve learned from fire drills, data loss, user missteps, and system crashes. And I’ve built environments that clients still trust years later.

Want a deeper dive into backup scripting, secure cloud sync, or remote data access workflows? Just ask — I’ve been there.
