This is how I personally keep my IOTAs safe:
(this is no financial advice, recommendation or guarantee, just my own experience)
every reasonable crypto person tells you: do not leave your coins on any exchange, because you are always exposed to a third party (risk: fraud, insolvency, scams, etc.) in order to really own your coins/ tokens/ assets you have to be the one an only person to know and keep your private key safe!
take a piece of paper and write down your seed; 81 random letters from this set (ABCDEFGHIJKLMNOPQRSTUVWXYZ) you can also include the number (9). Example (do not use this seed or anyone reading this post can control and therefore steal your IOTA): RFGGEJWZ9EFSAANYOVBV9CUEQDFNSMXBIWZNOVAXWCYDKHDTZQQGBDFGHONYRNTD9BXLCSGXISBZZA9FV
Download/ install the latest official IOTA wallet here:
Use the right file for your OS: windows = .exe / apple = .dmg / ...
Open IOTA wallet and insert your seed (make sure you have the latest version of the wallet installed, make sure your node configuration is set correctly). Your Balance should show 0
Attach an address to the Tangle. Go to "RECEIVE" and click on "ATTACH TO TANGLE"
After the confirmation "Attached to Tangle". Click on the address to copy it to your clipboard
Go to your exchange (or unsafe wallet) go to the respective "Withdraw" section and send a small amount of IOTAs as a test tx (transaction) to your wallet address
Go back to your wallet and check if the tx was received. As soon as the tx has changed the status from "Pending" to "confirmed" you can send the rest of your IOTAs. It is recommended to attach a new address for every tx, but it is technically possible to use an address several times.
If you are really paranoid you can create as many seeds and separate wallets as you like and distribute your IOTAs accordingly.
For the day where you would want to sell your IOTAs for any other crypto or fiat (which I dont recommend any time soon, hodl°°) send your IOTAs to the address of the respective exchange and trade.
Remember a private key/ seed cannot be restored by anyone if you lose it, that was the whole point of Distributed Ledger Technologies in the first place: To have total control/ ownership of the assets that you really own. As soon as a third party comes into play we are back to 2008.
Stay safe. Do your own research. IOTA ftw 2018.