For virtually all disk encryption tools, your encryption key is stored in RAM while the computer is in use or in sleep mode. This presents a fairly significant vulnerability: if someone can dump the contents of your RAM intact, it is likely they can extract the key from the dump using widely available commercial software such as Elcomsoft Forensic Disk Decryptor, which claims to extract TrueCrypt, BitLocker, and PGP keys.
To protect yourself against this, you have to make it harder for an attacker to obtain a RAM dump. The easiest way to obtain one is with the memory acquisition programs that come with many forensics toolkits (which are also freely available). The catch is that to run those programs, the attacker would first have to unlock your computer; if they can't unlock it, they can't launch any RAM dump utility. For this reason, having a strong Windows lock screen password is important!
(Also, just to be realistic and state the obvious, the lock screen password is also important because if an attacker is able to guess it, they could simply grab a copy of your files right then and there and not even worry about finding your encryption key. For a run-of-the-mill thief interested in obtaining your data, this would probably be the most realistic threat, IMO.)
A more sophisticated way is a cold boot attack. This takes advantage of the fact that the contents of memory remain readable for some time after power is cut (from a few seconds to a few hours if the RAM is cooled with a refrigerant). The attacker can then bypass Windows by booting into a RAM dump utility, or physically move the RAM modules to a different machine for reading. This kind of attack is significantly harder to protect against.
Lastly, I'd also mention that development of TrueCrypt stopped a year ago for unknown reasons and it is no longer supported, so I would recommend moving to one of its forks such as VeraCrypt.