To protect your account you will need to check and fix at least all of the following settings. Once your password has been reset by ITS, first you need to check the bottom of the Inbox and make sure your account is not open at any other locations. If it shows additional locations, open the Details window and “Sign out all other sessions”.
Now check the following settings by clicking on the “gear” icon and choosing Settings.
Settings -> Accounts -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]
Settings -> General -> Signature [make sure nothing as been added]
Settings -> General -> Vacation Responder [make sure it’s disabled and empty]
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]
To prevent future problems, you may wish to consider turning on two-factor authentication. This causes Google to send you a text or voicemail with a code each time you log into a new computer. It is very effective at thwarting any unauthorized use of your account. To read about two-factor authentication, see https://www.google.com/landing/2step/.