You will need to direct your friend to this thread here: https://bitcointalk.org/index.php?topic=5089777.0

If your friend cannot provide the evidence that is required in that thread, the chance of recovering the account is significantly reduced, or completely squashed. If your friend does have the evidence, then they can send it to the email, and hopefully recover the account.

If you are asking about how to secure your own account from theft, then the advice would be the same as any other online account. Use secure passwords, which have multiple characters, and includes special characters. Do not, click on links that you don't trust, and don't download software which you do not trust. Do not share your account credentials with anyone.

Those are the basics, but they should serve you well. Its probably worth checking whether your email account has the same security protocols as above, and you don't use the same passwords across the sites.