The #1 way hackers gain access to online accounts is to FIRST gain access to the email address on the account. This way they can use the Forgot Password Link, check the email, change the password, then delete the email so you never see it. Once they have access to your email they can use that email to reset passwords on almost any provider.
So make sure that YOU and EVERYONE in your organization has good email passwords, we recommend using 1Password to generate and store passwords. 1Password can also help you identify compromised logins.
We also recommend activating 2 Step Verification (2FA) if it is an option on your account. This way anyone that tries logging into that account first needs to enter a code that is first texted to a cell phone.
You can check to see your email has been exposed in any data breaches at:
https://haveibeenpwned.com/
You can check how strong your passwords are at:
https://www.security.org/how-secure-is-my-password/
