Use strong passwords that are unique
If your password can be spoken or came from a dictionary, you need to update it.
"eiTq61Hz" is a good password; "*msg%J39RthN" is a better password. Using tools such as LastPass can help create great passwords and also type the passwords in for you. This way you do not have to remember all your passwords.
Using two-tier authentication
Two factor authentication is a process after you put in your password and click login, you will be asked to type in a code that was texted to you or came from a special app. What this prevents is people gaining access to your email just because they have your password. They would also need your cell phone to get that secondary number needed to login.
Watch out for phishing emails
Good ol' phishing email; these emails fake the look of real emails from services you have accounts with like Facebook, Google, OneDrive, etc. One example is files that are being shared with you, the email will ask for you to put in your username and password. But, once you type that information in you are really sending that information to a person on the other side. They use that information to login to your accounts acting as you. (This is were the two-factor authentication helps.)
Never open unexpected attachments
This one is simple, if you are not expecting to receive an email that is asking for information or has an attachment, simply delete it. You could then ask who ever you think sent that email if it was a real email, if they say no "YAY!" you're safe. If they say yes, have them resend it.
Never click the “unsubscribe” link in spam emails
This use to be a good way to stop those marketing, promo, spam emails. Once the bad guys figured that out they started using them. Sometimes these links send you to fake websites that look just like the website the email came from. Once you are at their website they will probably ask for some type of username and password to gain access to your account.
Never give out your passwords. Google will never ask for your password in an email, message, or phone call.
This one is similar to how banks will not ask you what your social security number is over the phone. Your services like Google, Facebook, Twitter, etc will not email you asking what your password is. They have all of your information so they don't need to ask.
Set your email to automatically block and remove zip files
Zip files are/can be very dangerous, things can be hidden in them. Email platforms today can be configured in a way that if you are sent a .zip file it is automatically removed. If some one needs to send you a large file it is best the send you a direct download link.