Here's some things you can do to keep your Steam account (and the rest of your computer/network safe). I don't do all of these (yet) and it's just what I can think of off the top of my head. I'm not going to go into a lot of detail, but feel free to ask if you have any specific questions.

Use a unique password and enable two-factor authentication on your Steam account (a.k.a. Steam Guard), it's not useless and will save your account unless an attacker gains access to your local file system. Ideally use your phone, not email (remember to generate some backup codes in case you lose your phone) If you want to be extra safe, don't store login information. It may be a little extra hassle having to type it every time you start Steam, but if you do this it will be extremely hard to gain access to your account as you will not only be required to type your password each time you login, but also the Steam guard code. Stealing the Steam Guard file from your PC wouldn't help an attacker one bit if you do this.

Same thing for your email account: use a unique password and two-factor authentication! There is literally no excuse not to do this, regardless of whether you use Steam or not. If someone gains access to your email account, they have access to pretty much every other account you own, even if it uses a different password, through the password reset function. This means your email account is a prime target for hackers. Keep it safe! If your email provider doesn't offer two-factor authentication, then stop using that shitty email provider and find one that does.

Block access incoming connections to your network from the IP ranges of countries known to be a frequent source or malicious attacks. This one is a bit more advanced and you'll probably need a more professional firewall to do it, since the one built in to your modem/router probably won't cut it. I use pfSense and the addon pfBlocerNG (a package/add-on for pfSense). This allows me to block incoming connections from countries like China, Iran and Russia at the firewall level. You'd be surprised how many connection attempts come from these countries that are obviously malicious (port scans, randomly trying to connect to ports of frequently used services such as ssh or ftp). If I check my logs I can see this happening literally 24/7. Sure, this isn't foolproof and there could still be malicious connection attempts from countries you don't block, but it's an extra hurdle for attackers to overcome. You will also still be able to open outgoing connections to these countries (and receive a reply), so you don't need to worry about not being able to visit websites from those countries.

Use "bugs" to alert you to intrusions into your systems. This isn't something I've set up yet, but definitely something I'm going to look into. Check out this site. What this will let you do is receive an email (or even text message I believe), when someone breaks into one of your systems. You can get an alert if someone breaks into your email account and I reckon it should be possible to receive an alert when certain files on your system are accessed, so you could probably also get an alert if someone accesses your Steam guard file. Finding out as soon as you're compromised gives you a head start to change your passwords, de-authorize Steam Guard, etc.

TL;DR: Just do the first two and you should be fine: Use unique passwords and enable two-factor authentication on your email account and Steam (Steam Guard). If you also opt to not save login information (so that you have to type a Steam Guard code every time you login), there is virtually no chance your account will be compromised.