Use common sense
This is the most important aspect of IT security. When handling sensitive information, think twice about how the information is sent and stored, and whether it can be compromised.
The damage of a security breach
Most security breaches that happen do not result in leakage of data that can be maliciously exploited. Even so, the bad publicity of a security breach is damaging enough in itself, so even if you are not handling sensitive data it is good to adhere to best practices to avoid unnecessary problems.
Multi-Factor Authentication - MFA
Any account that supports it should have MFA enabled, especially all Google accounts, since they give access to sensitive information. Google supports MFA using SMS or an authenticator app; both yield equivalent levels of security. The process to enable it is described here.
Password managers
It is recommended to use a password manager such as 1Password or LastPass. Never use the same password on two different sites, and use a password recipe of 12+ characters with lowercase letters, capital letters, numbers, and at least 3 symbols. These passwords are not meant to be remembered, so there is no point in using shorter passwords that are easier to enter manually.
Use a strong password that you have not used anywhere else to access your password manager. This cartoon actually makes a lot of sense when choosing a password.
Email encryption
Email is inherently an insecure medium of communication. Even if you have an encrypted SSL/TLS (https) connection to your email client, the messages themselves are sent in plaintext to any intermediate servers on the path to the destination mail server. There are ways to encrypt email traffic, but doing so only protects the emails you send yourself. The risk of the messages being forwarded without encryption is substantial. Therefore it is recommended to keep email communication unencrypted, to avoid a false sense of security, and instead to use explicit, proper encryption when sending truly sensitive information. See the next section for details.
Encrypting information
When sending and receiving sensitive information, it is recommended to use GPG, an open-source implementation of PGP, which uses private and public keys to securely encrypt and sign data files. For OS X the recommended software is GPG Suite.
Antivirus software
It is recommended to install antivirus software. Most of the common products work fine, for example AVG Free or Avast.