The best balance between security and ease of use is an extra PC just for storing your bitcoins. Any netbook or old PC will do but it is beneficial if it has at least 2 GB of ram.
Make sure you have a fresh installation of your operating system. Linux is best for maximum security but Windows works also.
Disable the web browser or delete any shortcuts to it to make sure this computer is NOT used to access any website, email or downloads ANY files from the internet. Yes, many will advise against the use of windows but this solution is still magnitudes safer than any PC that is used to browse websites or open email attachments.
The next step is to download a bitcoin wallet on another computer and save the setup file to a freshly formatted USB drive.
Here you can chose and download a wallet that fits your needs:
The Bitcoin-QT which is the offical client from the bitcoin developers needs to download the whole blockchain before it can be used (14GB). Electrum uses a server to access and submit transactions so the blockchain does not have to be downloaded and wont take up your hard drive space. Also a huge plus for Eelectrum is that it uses a wallet seed phrase. So in case of backups you only need to remember(or print out) 12 words in a specific order to restore your wallet. Means 1 backup and you are done with no regular future backups needed.
The Bitcoin-QT client needs regular backups of its wallet file as every 50 transactions new change addresses are generated and saved in your wallet with its matching private keys.
When you install the wallet software from the USB stick make sure to check the certificate of the setup if available:
This ensures that the setup file does not contain malware and is in fact the real setup.
After the installation you can create 3 backups of your wallet file, on 2 different storage mediums as described in the getting-started-section.
Do not send any coins to this new wallet before creating the backups, just in case something goes wrong when creating the backups to rule out any user error.
From now on the only software that connects to the internet on this PC should be the wallet software and system updates. Nothing else.
If you want to do a transaction you can use the USB-stick and create a text file (.txt) on it with just the bitcoin address you want to send the bitcoins. Open the text file from the USB-stick on your wallet computer and you can copy & paste just the bitcoin address that you want to send the bitcoins to.
That’s it. Now your main PC can be compromised / infected with malware and your bitcoins are still safe. Even if your house burns down you still have your bitcoins because you stored one backup offsite according to the 3-2-1 rule mentioned earlier.