Many of you live in places where devices like Trezor and Ledger aren't available locally and you may just happen to be too lazy (like me) to buy one online and have it shipped to your place via some online shipping service. No worries, I'll be sharing my method with you of making sure my funds are locked in tight and out of harm.
First and foremost, never keep anything you're not willing to lose on an online exchange. Exchanges get hacked all the time and they're the worst place to hold your funds. I normally only keep a small amount that I use for regular trading, anything more is just too risky. I'm saying that even though I have 2FA enabled on all of my exchange accounts (which is a must).
I would only suggest holding your funds in private wallets (i,e: Mycelium wallet for Bitcoin, MEW for Ethereum and ERC20 tokens, ...).
Your funds can only be safe by making it nearly impossible for malicious third parties to access your raw private key data. That can be done in numerous ways. And, the best way is to have your private key encrypted with a password all the time and never typing it in raw form to access your wallet, that way it would become extremely difficult for a third party to access it.
Maybe you want a device that you can use like a hardware wallet? You may have an Android phone laying around at home. You can start by wiping it clean and loading a new stock image to get rid of any malware if present. Next, I would pretty much recommend disabling the phone's access to the internet and deciding to only use it for holding your funds. Then, connect it to your PC and temporarily use it as USB media storage (that's way better than using a flash drive to store your private keys since an Android USB media storage provides an interface that is way more secure). Next, you would download your password-encrypted wallet file. If the wallet your using doesn't provide that functionality, you could use WinRAR to lock any file with a password (look that up). Once the file is inside the phone's internal memory, plug out the USB and disable USB media storage on your Android phone.
And it's done. Your private key backup is safe and sound. What I'd also suggest is to only access your wallet data using your public key (through a block explorer, for example), that way you don't unnecessarily compromise your funds every time you want to check your balance and/or transaction history. Also, if you really need to access your wallet (e.g, to send funds elsewhere), I suggest to access your wallet on a clean device using only your password-encrypted wallet file, never type out your private key in raw form as that could expose it to keyloggers and/or any malicious parties on the network.