I don't hold crypto on exchanges, so the only recourse for someone like me would be to try EOS911. I also keep my EOS main key offline and used an airgapped machine with the Greymass tool for voting for block producers. This is probably the safest way to use your keys now. Signing transactions offline then taking the json file and copying it to the watch wallet connected to the internet avoids exposure of the private key. If you want to be extra careful, wipe your USB drive each time you do this before attaching it back to the internet connected machine. There is still a small risk that malware can ghost write to the USB, so you should check disk usage after wiping.