The problem is there is rarely a "best", just a situative and individual fitting solution. One could argue to not use Mullvad but Tor for best privacy and security. One could argue that changing default settings will harm your privacy by becoming part of a smaller sample size group, or benefit your privacy by sharing less data overall.
So best thing you can get is a more detailed education on what those settings (and a VPN in general) do exactly, and decide whether that would benefit or harm your definition of privacy and security.
A best practice approach can't be right for everybody, so I'd avoid any suggestion that says "do this exact thing and you'll have better privacy", especially if it is not explained and discussed in detail.
Until you find a deep understanding, it's usually a good approach to keep the default settings with trusted parties (e.g. if you trust the devs from Mullvad, GrapheneOS, Tor Browser etc.)..