First, we think hot wallets cannot be secure as many sites like Mt.Gox were hacked in the past no matter how hard they tried to secure their sites. So, we do not use hot wallets. Instead, we store all your Bitcoins in an offline computer (cold-storage) that cannot be accessed through the Internet, and the online wallet is only for monitoring purpose and cannot be used for withdrawals. The offline computer's hard disk and the wallet are all encrypted so even if some people get physical access to the offline computer, they still cannot access the wallet. Also, withdrawal requests are manually checked before they are processed.
Second, when we copy the double-checked unsigned transactions from the online computer to the offline computer to sign, we do not use USB drives, as the online computer may be infected with virus (although this is unlikely as both the offline and online computers are based on Linux. The offline computer is dedicated for signing transactions after the Linux system was installed, so there shouldn't be any virus). We convert the unsigned transactions to a QR code and show it on the online computer's screen, and then we use the camera of the offline computer to scan it. After signing the transactions, we display the QR code on the offline computer and use the online computer's camera to scan the signed transactions and propagate them to the Bitcoin network.
Third, our system is deployed on the always update-to-date Linux operating system, and we follow the best practices of Linux server management. Our system is deliberately programmed securely. Our databases are backed up every day, and all important information is logged and backed up as well.
(Last updated on 12 March 2018)