First, we think hot wallets cannot be secure as many sites like Mt.Gox were hacked in the past no matter how hard they tried to secure their sites. So, we do not use hot wallets. Instead, we store all your Bitcoins in an offline computer (cold-storage) that cannot be accessed through the Internet, and the online wallet is only for monitoring purpose and cannot be used for withdrawals. The offline computer's hard disk and the wallet are all encrypted so even if some people get physical access to the offline computer, they still cannot access the wallet. Also, withdrawal requests are manually checked before they are processed.
Second, when we copy the double checked unsigned transactions from the online computer to the offline computer to sign, we do not use USB drives, as the online computer may be infected with virus (although this is unlikely as both the offline and online computers are based on Linux. The offline computer is dedicated for signing transactions after the Linux system was installed, so there shouldn't be any virus). We convert the unsigned transactions to a QR code and show it on the online computer's screen, and then we use the camera of the offline computer to scan it. After signing the transactions, we display the QR code on the offline computer and use the online computer's camera to scan the signed transactions and propagate them into the Bitcoin network.