diff --git a/doc/user/group/access_and_permissions.md b/doc/user/group/access_and_permissions.md
index b8e253178525f01e623d94252a73643c2f62e2c9..645c03b17eb3e76785fcb9bba4f3e19e85fc6419 100644
--- a/doc/user/group/access_and_permissions.md
+++ b/doc/user/group/access_and_permissions.md
@@ -229,6 +229,9 @@ By default, projects in a group can be forked.
 In [GitLab Premium and Ultimate tiers](https://about.gitlab.com/pricing/),
 you can prevent the projects in a group from being forked outside of the current top-level group.
 
+NOTE:
+Whenever possible, you should prevent forking outside the top-level group. This setting reduces the number of avenues that bad actors can potentially use. However, if you expect a lot of collaboration from outside the top-level group, you might not want to prevent forking outside the top-level group.
+
 Prerequisites:
 
 - This setting is enabled on the top-level group only.