3. Set up Two-Step Verification

This is the most important step in Google's Security Checklist. an extra layer of security to your Google account by requiring a special code to be entered on trusted computers once every 30 days, and any time you are accessing the account from a non-trusted computer. But this doesn't happen by default; you have to set it up with Google first.

I'll add that printing your backup verification codes is more secure than saving them to a text file. If you do choose to save them to a text file, don't name it "Backup Google Codes" or something similar.

While with Google is self-explanatory, this video from Google helps it make a lot more sense.

4. Require Google Accounts Used For Business to Be Secure