There are at least three factors to consider when security is your most important goal: risk (of loss), convenience, and cost. There's no single solution which maximizes all three. (And of course there are plenty of other non-security-related factors, e.g. privacy, tx validation type, software license, protocol stance (block size/RBF/SegWit), etc.)
I'm not an Electrum expert, but I believe you'd have these five options: "standard" online; standard cold/watching-only; 2FA; multisig; and hardware. The breakdown in order of best to worst looks something like this (and even this is somewhat a matter of opinion):
Risk
Cold/watching-only & hardware > multisig > 2FA > online
Convenience
Online > 2FA > hardware > multisig > cold/watching-only
Per-tx Cost (least expensive to most)
Hardware, cold/watching-only & online > multisig > 2FA
(Of course, hardware wallets have a startup cost, and so might cold/watching-only, multisig, or 2FA if you don't already have spare hardware/phones available.)
So the best option for you is impossible for me to say, but if you have any specific questions about the above, ask away!