I would still use the router. The router would provide NAT. That's another layer of protection.
https://www.grc.com/nat/nat.htm

I have the Windows firewall up and running. Is that not enough?
What Windows firewall settings are you using? If you are directly connected to the modem, you should use the "Public" setting, even though you are at home.
http://www.askthecomputertech.com/wi...-firewall.html
The public network option is highly recommended anytime you connect to an unknown network, if you are connected directly to the Internet without using a router, or if you have a mobile broadband connection.
Aren't I more likely to be attacked by someone stealing passwords from a business rather than from my computer?
Not necessarily. There are man-in-the-middle attacks that can capture data while you are transmitting it. That's why you want to use SSL (HTTPS) for your secure transactions.