This is my simple and secure method of operation:
* no wallets on any Windows machine, strictly Linux!
* Linux partitions are encrypted using LUKS - if a hacker acquires my hard drive physically he can suck it.
* wallets are compiled from GitHub repositories. It's very easy to do, for most coins it's "qmake-qt4 && qmake" once you have the dependencies installed. If you don't know what that means at all you should first get some basic Linux knowledge, install whatever is easiest to learn (I guess Ubuntu) and play with that a while.
* a small (5MB) TrueCrypt (google that) encrypted container is created for wallet.dat file backups, all wallet.dat files are encrypted using local coin "Encrypt wallet" feature, password is randomly generated and stored in KeePassX, KeePassX database is stored on the same TrueCrypt container. Master KeePassX password in my head. TrueCrypt container password in my head.
* back up wallet.dat for a coin to TrueCrypt after creating a new receiving address. Close (unmount) TrueCrypt when not using, never keep it open. The 5MB crypt file is then copied to a USB flash hidden in the house, also copied to Dropbox. Dropbox can't determine incremental changes for TrueCrypt volumes so you have to have a small file (hence the 5MB) for the container because it's synced in full after every modification.
* 2FA on all services, instantly withdraw to personal wallet what you're not trading.
That's about it.
Sounds easy for someone who knows how to use Linux. Myself I have no clue how to use Linux and although I know my way round Windows, this just sounds like Chinese to me, with all those commands that you need to know.
I agree, much easier if you have prior knowledge. But if you're stuck with Windows at least make sure all your wallet.dats are encrypted with random passwords, and I strongly advise looking into TrueCrypt. It's open-source encryption software, you can create a "container" which when not mounted (not opened in TrueCrypt) is just a blob of binary shit, but when you open it with TrueCrypt it becomes a new drive in "My Computer", you copy your wallets there and close, you then have this TC container to carry around, put on USBs etc.
For Windows it would be better to actually make wallets put their working directories on that TC container, perhaps linking the whole %appdata% folder to the TC container, but I'm not sure how to do it on Windows TBH. This way you would have everything encrypted for your wallet 2 times.
You're still at risk from screen capturing, key logging trojans with Windows so... Proper security ain't easy shit, that's why it's such a big industry (sadly infested by wannabe money sucking consultants though).