If you have more than a few hundred dollars in bitcoin, buy a trezor - it's the best combination of user experience and security that you can get with such little effort. As for best practices, paranoia helps - assume that everyone wants to steal your bitcoin and assume that anything that can go wrong will go wrong. Eliminate all single points of failure by keeping multiple redundant backups of your private keys in geographically separated, access-controlled locations.