Exchanges and Hot Wallets
Only keep an amount of ether in exchanges or experimental/hot wallets that you are willing to lose. It is generally hard for the community to independently verify their security, release and update practices, so you should remain extremely skeptical of all online wallets, exchanges and technologies.
If you want to interact with constantly changing technologies like exchanges or mobile wallets, make sure to check with the Ethereum community to see what the situation is, what their reputation is, etc. Then make a test transaction to check that the accounting functionality is working properly before sending larger amounts.
Make small test transactions. Test transactions are a great way to make sure the software is visibly functioning and working before going through with large transfers.
Don't rush deposits and withdrawals from exchanges or hot wallets. Take your time and be extremely careful. Read over addresses and values before making any transactions.
Follow good browser practices while viewing and using exchanges.
Always use app-based 2-factor authentication with exchanges (e.g. Authy, Google Authenticator). Some of these authentication applications are vulnerable to attack and have been vulnerable in the past (see this Reddit thread about Authy). In general, having 2-factor authentication is better than having none at all. Still, certain forms like SMS are highly vulnerable to third parties potentially listening in or hijacking your SIM card (so stay vigilant).
Always use the maximum amount of security/authentication available.
List of Some Wallet Malfunctions/Bad Exchange Practice, and Known Losses
Many of the currently available wallets have lost millions of dollars' worth of funds due to UI malfunctions, bugs, and hacks. Here is a small list of some of those and the losses.