Hi Thomas,
Computer security is a very very complex and nuanced subject with so many facets to it in which each just adds to the complexity. The answer to which security measures you may want will differ between individuals, families, friends and small/medium/large businesses. What does that mean for you two, well that is hard for a third part like myself to say or suggest since every situation depends on only things you two know and understand. Security best practices are not what every individual or group needs, you can't rabbit hole everyone into the same setup and have it work best for their needs.
Yes individual accounts is the more secure setup but it also divides and increase the complexity of setting up a computer. Do each of you need to separate set of documents, music, pictures and videos etc... do each of you need your own email and other types of accounts. If you need things separated, then you actually have 3 sets of stuff to setup. You would have his stuff, your stuff and the stuff you both want to share. This does have the advantage of each user having their own preferences... if you like to have a dark themed look and your brother a light colored one... you can. Of course that extends to the other stuff as well but to do that... each one plus the shared one ( called Public typically in Windows ) would have to be setup separately which does add that complexity to the situation. Remember that this also means that each one would also do their own backup of their setups. If you do have another computer failure of some type... you would then need to possibly restore those 3 different setups.
Now dive a little deeper into what having different account types adds to the above considerations. While Windows can support many different types of user accounts which I won't cover here... two are setup by default. That would be the Administrator and Standard user account types. Administrators can do just about anything on a system such as installing software, setting up network connections ( like internet ) and other things, while the Standard users can only use other programs that the Administrator has installed and/or setup. So if you were to have your own Standard user setup... then anytime you wanted to make changes to the computer... the Administrator account would have to approve of it and actually do that work. An advantage to this type of setup is that the Standard user is less likely to be able to screw up something by installing something they shouldn't... or if the Standard user forgets their password, the Administrator could reset it for them.
Administrator accounts themselves operate by default in two modes as well for security. By default, everything an Admin does is done as if they were a Standard user. If they try to make changes to the system like installing something... Windows will ask if they really want to make those changes, if they answer Yes... it switches them to Admin mode ( so to speak ) and allows it. Because of this two modes of operation... often you will see recommendations that the Admin user "right click" on a file and manually select "Run as Administrator" just to make sure that is happening properly and nothing is blocking the change or installation of the system. Then they will again be asked if they want to permit the changes. This gives a measure of security in that Admin users only normally operate as a Standard user so malware can't use their accounts inappropriately but it doesn't limit the user if they do need to make changes. Sort of the best of both worlds as long as the user is aware and not just approving every popup they see without first thinking... Did I ask the computer to do something or is this popup coming from "out of the blue" by itself and should be now allowed to proceed.
Some programs such as system utilities like backup, malware protection or firewalls and many others... can only be run by Administrators. When installed, these are still going to be available as shortcuts or menu items on the Standard users menus... but if they try to run them, they will then be prompted to provide an Admin user/password in order to proceed.
The situation for you and Rob can be summarized...
With a household of kids and adults... having the two types of accounts of admins and standard users makes a lot of sense. When there are just adults only, you have to then consider issues like if privacy and ownership are needed to determine if separate accounts are needed. If the other user is just a guest, you probably don't want them making system changes but if the user isn't a guest and is capable of making good decisions about the computer... then the accounts ( if separate ) should probably be Admin accounts. Just remember that if you do go with separate accounts, that increases the complexity and both accounts need to be backed up and setup separately. Both would have different email accounts to setup even if one may be shared. Having a second account is also good as a fall back just in case the other user account somehow gets corrupted as long as they are both Admin accounts... the other user could if needed recover the other users data.