Standard best practices apply. But here are some additional things to be prepared for.

1. Enable two-factor authentication immediately. This will help prevent you from getting hacked.
2. Ensure that the password you use for Telegram is unique and not used as a password anywhere else.
3. You can disable sharing of your phone number in the Privacy and Security settings, making you less prone to phone hacking.
4. ALWAYS check the Telegram handle of the user DMing you. It could be someone impersonating another member of the chat.
5. To that end, please set your own username—Telegram does not require it, but this will help us verify you.
6. Even if you have verified a username, there is no guarantee you are actually chatting with the intended party. Their phone could have been hacked, for example.
7. You can disable auto-downloading of files in case a malicious file is sent. On desktop, go to “Advanced Settings” then change settings for auto-downloading of files. On mobile, go to “Data and Storage” then change settings in both “Using Cellular” and “Using WiFi.”
8. Be mindful that any file sent could contain malicious links or programming if opened. When in doubt, do not open.